Combating Potentially Harmful Applications with Machine Learning at Google: Datasets and Models

Posted by Mo Yu, Android Security & Privacy Team

In a previous blog post, we talked about using machine learning to combat Potentially Harmful Applications (PHAs). This blog post covers how Google uses machine learning techniques to detect and classify PHAs. We'll discuss the challenges in the PHA detection space, including the scale of data, the correct identification of PHA behaviors, and the evolution of PHA families. Next, we will introduce the two datasets that make the training and implementation of machine learning models possible: app analysis data and Google Play data. Finally, we will present some of the approaches we use, including logistic regression and deep neural networks.

Using machine learning to scale

Detecting PHAs is challenging and requires a lot of resources. Our security experts need to understand how apps interact with the system and the user, analyze complex signals to find PHA behavior, and evolve their tactics to stay ahead of PHA authors. Every day, Google Play Protect (GPP) analyzes over half a million apps, which generates a large amount of new data for our security experts to process.

Leveraging machine learning helps us detect PHAs faster and at a larger scale. We can detect more PHAs just by adding additional computing resources. In many cases, machine learning can find PHA signals in the training data without human intervention. Sometimes, those signals are different from the signals found by security experts. Machine learning can take better advantage of this data, and discover hidden relationships between signals more effectively.

There are two major parts of Google Play Protect's machine learning protections: the data and the machine learning models.

Data sources

The quality and quantity of the data used to create a model are crucial to the success of the system. For the purpose of PHA detection and classification, our system mainly uses two anonymous data sources: data from analyzing apps and data from how users experience apps.

App data

Google Play Protect analyzes every app that it can find on the internet. We created a dataset by decomposing each app's APK and extracting PHA signals with deep analysis. We execute various processes on each app to find particular features and behaviors that are relevant to the PHA categories in scope (for example, SMS fraud, phishing, privilege escalation). Static analysis examines the different resources inside an APK file, while dynamic analysis checks the behavior of the app when it's actually running. These two approaches complement each other. For example, dynamic analysis can observe an app's behavior no matter how obfuscated its code is (obfuscation hinders static analysis), while static analysis can help detect cloaking attempts in the code that might otherwise bypass dynamic analysis-based detection. In the end, this analysis produces information about the app's characteristics, which serves as a fundamental data source for machine learning algorithms.
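
To make the static side concrete, here is a minimal sketch of pulling signals such as requested permissions out of an APK with the open-source Androguard library; this is purely illustrative, not our production tooling:

# A minimal sketch of static signal extraction using the open-source
# Androguard library. Illustrative only; not Google's production pipeline.
from androguard.core.bytecodes.apk import APK

def extract_static_signals(apk_path):
    apk = APK(apk_path)
    return {
        "package": apk.get_package(),
        # Requested permissions are classic PHA signals, e.g. SEND_SMS
        # is relevant to the SMS-fraud category.
        "permissions": apk.get_permissions(),
        "activities": apk.get_activities(),
    }

signals = extract_static_signals("example.apk")
print(signals["permissions"])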

Google Play data

In addition to analyzing each app, we also try to understand how users perceive that app. User feedback (such as the number of installs, uninstalls, user ratings, and comments) collected from Google Play can help us identify problematic apps. Similarly, information about the developer (such as the certificates they use and their history of published apps) contributes valuable knowledge that can be used to identify PHAs. All these metrics are generated when developers submit a new app (or new version of an app) and by millions of Google Play users every day. This information helps us understand the quality, behavior, and purpose of an app so that we can identify new PHA behaviors or find similar apps.

In general, our data sources yield raw signals, which then need to be transformed into machine learning features for use by our algorithms. Some signals, such as the permissions that an app requests, have a clear semantic meaning and can be directly used. In other cases, we need to engineer our data to make new, more powerful features. For example, we can aggregate the ratings of all apps that a particular developer owns, so we can calculate a rating per developer and use it to validate future apps. We also employ several techniques to focus on interesting data. To create compact representations for sparse data, we use embeddings. To streamline the data and make it more useful to models, we use feature selection. Depending on the target, feature selection helps us keep the most relevant signals and remove irrelevant ones.
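
As a simplified sketch of that per-developer aggregation (the records and field names below are hypothetical, not our actual schema):

# A simplified sketch of per-developer feature engineering; the records and
# field names are hypothetical, not Google's actual schema.
from collections import defaultdict

apps = [
    {"developer": "dev_a", "rating": 4.5},
    {"developer": "dev_a", "rating": 3.9},
    {"developer": "dev_b", "rating": 1.2},
]

ratings = defaultdict(list)
for app in apps:
    ratings[app["developer"]].append(app["rating"])

# Collapse each developer's app ratings into one reusable feature that can
# help validate that developer's future submissions.
developer_rating = {dev: sum(r) / len(r) for dev, r in ratings.items()}
print(developer_rating)  # {'dev_a': 4.2, 'dev_b': 1.2}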

By combining our different datasets and investing in feature engineering and feature selection, we improve the quality of the data that can be fed to various types of machine learning models.

Models

Building a good machine learning model is like building a skyscraper: quality materials are important, but a great design is also essential. Like the materials in a skyscraper, good datasets and features are important to machine learning, but a great algorithm is essential to identify PHA behaviors effectively and efficiently.

We train models to identify PHAs that belong to a specific category, such as SMS fraud or phishing. Such categories are quite broad and contain a large number of samples given the number of PHA families that fit the definition. Alternatively, we also have models focusing on a much smaller scale, such as a family, which is composed of a group of apps that are part of the same PHA campaign and that share similar source code and behaviors. On the one hand, having a single model to tackle an entire PHA category may be attractive in terms of simplicity, but precision may be an issue, as the model has to generalize the behaviors of a large number of PHAs believed to have something in common. On the other hand, developing multiple PHA models may require additional engineering efforts, but may result in better precision at the cost of reduced scope.

We use a variety of modeling techniques, including both supervised and unsupervised ones.

One supervised technique we use is logistic regression, which has been widely adopted in the industry. These models have a simple structure and can be trained quickly. Logistic regression models can be analyzed to understand the importance of the different PHA and app features they are built with, allowing us to improve our feature engineering process. After a few cycles of training, evaluation, and improvement, we can launch the best models in production and monitor their performance.
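
A minimal sketch of this approach with scikit-learn, using synthetic stand-ins for the app features and PHA labels, might look like this:

# A minimal sketch of the logistic-regression approach, using scikit-learn.
# X and y below are random stand-ins for engineered app features and known
# PHA labels, not real data.
import numpy as np
from sklearn.linear_model import LogisticRegression

rng = np.random.default_rng(0)
X = rng.random((1000, 5))                   # 1000 apps, 5 engineered features
y = (X[:, 0] + X[:, 3] > 1.0).astype(int)   # toy PHA labels

model = LogisticRegression().fit(X, y)

# Coefficients show how much each feature contributes to the decision,
# which is what lets us feed insights back into feature engineering.
for i, coef in enumerate(model.coef_[0]):
    print(f"feature_{i}: {coef:+.2f}")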

For more complex cases, we employ deep learning. Compared to logistic regression, deep learning is good at capturing complicated interactions between different features and extracting hidden patterns. The millions of apps in Google Play provide a rich dataset, which is advantageous to deep learning.

In addition to our targeted feature engineering efforts, we experiment with many aspects of deep neural networks. For example, a deep neural network can have multiple layers and each layer has several neurons to process signals. We can experiment with the number of layers and neurons per layer to change model behaviors.
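
For instance, a sketch in Keras of varying depth and width could look like the following; the layer counts and sizes are arbitrary choices for illustration, not our production architecture:

# A sketch of how the number of layers and neurons per layer can be varied,
# using Keras. The sizes below are arbitrary illustrative choices.
from tensorflow import keras

def build_model(num_layers, neurons_per_layer, num_features):
    model = keras.Sequential([keras.Input(shape=(num_features,))])
    for _ in range(num_layers):
        model.add(keras.layers.Dense(neurons_per_layer, activation="relu"))
    model.add(keras.layers.Dense(1, activation="sigmoid"))  # PHA / not PHA
    model.compile(optimizer="adam", loss="binary_crossentropy")
    return model

# Experimenting with depth and width changes model behavior.
shallow = build_model(num_layers=2, neurons_per_layer=32, num_features=100)
deep = build_model(num_layers=6, neurons_per_layer=128, num_features=100)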

We also adopt unsupervised machine learning methods. Many PHAs use similar abuse techniques and tricks, so they look almost identical to each other. An unsupervised approach helps define clusters of apps that look or behave similarly, which allows us to identify and mitigate PHAs more effectively. When we are confident in the model, we can automate the categorization of those apps; otherwise, we ask a human expert to validate what the model found.
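
A rough sketch of this idea with k-means clustering follows; the feature vectors and cluster count are placeholders:

# A minimal sketch of clustering apps by feature similarity with k-means;
# the feature vectors and cluster count here are placeholders.
import numpy as np
from sklearn.cluster import KMeans

app_features = np.random.rand(500, 20)   # 500 apps, 20 features each

clusters = KMeans(n_clusters=8, n_init=10, random_state=0).fit_predict(app_features)

# Apps sharing a cluster look or behave similarly; a confident cluster can
# be labeled automatically, others escalated to a human expert.
print(np.bincount(clusters))  # how many apps landed in each cluster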

PHAs are constantly evolving, so our models need constant updating and monitoring. In production, models are fed with data from recent apps, which helps keep them relevant. However, new abuse techniques and behaviors must be continuously identified and fed into our machine learning models so they can catch new PHAs and stay on top of recent trends. This is a continuous cycle of model creation and updating that also requires tuning to ensure that the precision and coverage of the system as a whole match our detection goals.

Looking forward

As part of Google's AI-first strategy, our work leverages many machine learning resources across the company, such as tools and infrastructures developed by Google Brain and Google Research. In 2017, our machine learning models successfully detected 60.3% of PHAs identified by Google Play Protect, covering over 2 billion Android devices. We continue to research and invest in machine learning to scale and simplify the detection of PHAs in the Android ecosystem.

Acknowledgements

This work was developed in joint collaboration with Google Play Protect, Safe Browsing and Play Abuse teams with contributions from Andrew Ahn, Hrishikesh Aradhye, Daniel Bali, Hongji Bao, Yajie Hu, Arthur Kaiser, Elena Kovakina, Salvador Mandujano, Melinda Miller, Rahul Mishra, Damien Octeau, Sebastian Porst, Chuangang Ren, Monirul Sharif, Sri Somanchi, Sai Deep Tetali, Zhikun Wang, and Mo Yu.

Get actionable measurement with Display & Video 360’s Insights module

This is the sixth and final post in a series about Display & Video 360 innovations.

Display & Video 360 is organized around five integrated modules that work together to simplify the end-to-end campaign process: Campaigns, Audiences, Creatives, Inventory and Insights. Today you’ll learn more about the Insights module, where you can get all the campaign metrics you need to understand how your marketing is performing so you can take action to improve results.

A single source of truth with holistic measurement

In Display & Video 360, the Insights module is where you go to audit your media spend, measure impact, and access the information you need to optimize media investment decisions. By consolidating your media buying in one place, you get reporting across all touchpoints for web, apps, TV and more, so you can accurately determine what’s driving performance and quickly act on insights.

The Insights module in Display & Video 360 includes:

  • Fraud-prevention reporting: Invalid traffic reporting enables you to see the amount of invalid traffic detected in your campaigns to date, both pre-bid and post-serve, including breakdowns by categories like data center traffic, automated browsers and falsely represented inventory.
  • Viewability and verification: Active View, Google’s viewability measurement technology, measures in real time whether or not an ad was viewable to a user on an impression-by-impression basis. Verification protects your brand and advertising budget with insights that help you understand where your ads are shown, along with details like video player size and page position.
  • Reach and frequency measurement: Unique Reach measures the number of unique users and average impressions-per-user you get from video and display ads. Metrics are de-duplicated across devices, campaigns, inventory and formats, so you know how many people you reached and how often you reached them.
  • Third-party accreditations: MRC-accredited measurement across display and video ads for clicks, served impressions, viewability metrics, and invalid traffic detection and filtration gives you confidence that the metrics you’re seeing are objective and accurate.  

Coming soon, data-driven attribution reports created in Campaign Manager will also be available in the Insights module in Display & Video 360. Using machine learning, data-driven attribution analyzes the actual converting and non-converting paths to automatically assign values to your marketing touchpoints. You’ll see a more complete and actionable view of which digital channels are performing best, so you can achieve a better return on your marketing investments.

To bring together measurement for your digital and TV ads, we've added a new dedicated "connected TV" device type for targeting and reporting across Display & Video 360. This means that connected TV can be segmented out alongside mobile, computer and tablet. For example, you can now see how many people viewed your ads on connected TV in Unique Reach reporting, and it will soon be added to our reach forecasting tools.

Actionable insights and experiments for brand and performance

Once a campaign is live, Display & Video 360 offers analytics and reporting capabilities that will help you to measure each impression in real time, understand whether the campaign is achieving its goals, and take steps to improve future results.

Instant Reporting in the Insights module helps uncover new insights quickly with a visual report builder. You can build tables and charts directly in the product without having to export data and analyze it in spreadsheets. Instant Reporting shows the last 30 days of report data, lets you quickly toggle between data tables and charts, and supports the most common types of spreadsheet analyses, like pivot tables for summarizing data. You can even combine multiple Instant Reports into a single dashboard that loads in seconds, right inside of Display & Video 360.

See data immediately with Instant Reporting in Display & Video 360

Brand Lift and experiments use best-in-class test and control methodology to help you understand the impact your campaigns are having and optimize mid-flight.

  • Brand Lift: Brand Lift allows you to easily measure the impact of your video ads on metrics like brand awareness, ad recall and consideration. You can also see how your video ads impact the number of searches for your brand on Google Search and YouTube, so you can assess their effect on brand interest. You can even segment reporting by audiences, creatives and publishers to better understand what’s working.

  • Experiments: A/B experiments enable you to compare the performance of different advertising setups, including targeting, settings and creatives, and show you whether or not there was a significant performance uplift. The findings can be used to improve the performance of a campaign mid-flight, or to inform the planning and decision-making for future campaigns.

Integrations to connect data and deliver better results

In addition to the reporting available in the Insights module, Display & Video 360 natively integrates with other Google Marketing Platform solutions, allowing you to connect data and workflows — increasing efficiency and delivering better results. And, to help expand coverage and enable choice, Display & Video 360 has integrations with leading measurement providers to help you assess and understand marketing performance, covering areas such as viewability, brand safety, audience measurement and more.

With an ever-changing consumer journey, it is essential to respond quickly based on accurate insights to drive better campaign performance. The Insights module offers all the analytics and reporting capabilities necessary to measure each impression in real time, understand whether the campaign is achieving its goals and take steps to improve future results.

Missed the other posts in this series? Catch up now and read about the other modules in Display & Video 360.

And, download our guide on the benefits of end-to-end campaign management. 

Announcing v201811 of the Google Ad Manager API

We're happy to announce that v201811 of the Google Ad Manager API is available starting today. This version brings support for date range targeting, which affords the same functionality as blackout periods in the UI. It also removes the deprecated ContentMetadataKeyHierarchyService. For video targeting, use ContentBundles or key-values mapped from content metadata.

For a full list of API changes in v201811, see the release notes.

For questions about this or any other API changes, reach out to us on the Ad Manager API forum.

Dev Channel Update for Desktop

The dev channel has been updated to 72.0.3610.2 for Windows, Mac & Linux.


A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Srinivas Sista
Google Chrome

On our to-do list: an interview with Google’s productivity expert

Editor’s note: I often wish there were more hours in the day, but that’s not going to happen anytime soon, so I turned to Google's resident productivity expert Laura Mae Martin for help. In the conversation below—our latest installment of The She Word—Laura shares her secrets on how to lead a more productive life. Turns out they’re not even secrets! They’re easy and manageable ways that you, too, can become a productivity whiz.


How do you explain your job at a dinner party?
I help Googlers be as productive as possible. I consult with executives on their productivity strategies (how to manage their meetings, email, time and energy), and run a Google-wide productivity program, which includes trainings and a weekly newsletter.


Not the “Laura 30,” just some quality sister time. Laura’s sister is also a Googler, based out of our Ann Arbor office.

What’s one habit that makes you successful?

Every morning I have 30 minutes to myself; I call it the “Laura 30.” No phone, no computer. I just drink my coffee, meditate, journal or play the piano. By taking some time to think, I start off my day in a calm and focused place, and stay grounded before tumbling into my busy day.

I’m glad you brought up the m-word. Should we all be meditating?
If someone stopped me on the street and asked me how to be more productive, I would say “start meditating.” But the word can turn people off, so I try to make it seem more manageable. Meditation can help with work-related struggles, like focusing in meetings or resisting the urge to constantly look at email. Think of it this way: if you had to cut a thousand pineapples, wouldn’t you spend some time sharpening the knife? The same is true of your brain as you power through activities. Meditation is “mental hygiene” to support your brain in all of its tasks.

What’s one thing people should start doing to manage their workload more efficiently?
Determine your top priorities for the quarter, and write them on a note on your desk. If you’re asked to do something that doesn’t align with one of those priorities, say no. The more you say no, the more chances you have to say yes to something that really matters.

Got it. So if I just say “no” more, I’ll be more productive?
Not exactly, but we do need more time to think, and that can mean saying no. You know how sometimes great ideas come to you in the shower? I try to find ways to create more “shower moments” at work.

How do we create more of those moments without actually taking a shower?
Find the gaps in your day—a commute or waiting in line—and don’t look at your phone. I call this “opening a loop,” which means you’re giving your brain the space to make new connections (shower moments!). When you answer emails or go to a meeting, you’re closing a loop. It’s important to find a balance, so if you say yes to every meeting, when do you have time to open loops?

What’s the first step you take when you feel overwhelmed by your workload?
First, I sort through my emails and assign an action to each one—could be "need to read" or "respond"—until my inbox is clear. (Pro tip: Spend 15 minutes max sorting your email. If you can respond in less than a minute, do it on the spot. If not, sort it for later). Then, I write down three big things I want to accomplish that day. And then I open only one tab for the thing I’ve decided to work on.

Can you pass on some of the productivity strategies that you share with Google executives?
The first place to start is email—usually executives are getting a lot of email, and if they’re not attentive to it, their schedules blow up because people think the only way they’ll get an answer or decision is to set up a meeting. And going back to the idea of opening loops, nobody came up with their last great idea when they were in meetings all day. The other thing is, everyone has a set of hours when they’re naturally more productive—mine are 7 a.m. to 9 a.m. Define your “power hours” and identify your biggest projects to work on during that time.

Earlier this year, hundreds of Googlers joined you in a “read a book a week” challenge for 12 weeks. What did you learn from reading 3,327 pages about productivity?
People who craft their time intentionally and give it their full attention end up where they want to be in the long term.


When she doesn’t have a book in her hand, Laura has two pups (Sadie and Nala) in her arms.

Is your personal life as organized as your professional life?
Because I spend so much mental energy staying productive at work, I try to have more spontaneity in my personal life. Right now I’m doing “No-plans November,” when I don't make any weekend plans until the morning of. To me, that’s work-life balance: not flexing the same muscles at home and at work.

Introducing a Web Component and Data API for Quick, Draw!


Over the past couple of years, the Creative Lab, in collaboration with the Handwriting Recognition team, has released a few experiments in the realm of “doodle” recognition. First, in 2016, there was Quick, Draw!, which uses a neural network to guess what you’re drawing. Since Quick, Draw! launched, we have collected over 1 billion drawings across 345 categories. In the wake of that popularity, we open sourced a collection of 50 million drawings, giving developers around the world access to the data set and the ability to conduct research with it.

"The different ways in which people draw are like different notes in some universally human scale" - Ian Johnson, UX Engineer @ Google

Since the initial dataset was released, it has been incredible to see how graphs, t-SNE clusters, and simply overlapping millions of these doodles have given us the ability to infer interesting human behaviors across different cultures. One example, from the Quartz study, is that 86% of Americans (from a sample of 50,000) draw their circles counterclockwise, while 80% of Japanese (from a sample of 800) draw them clockwise. Part of this pattern in behavior can be attributed to the strict stroke order in Japanese writing, from the top left to the bottom right.


It’s also interesting to see how the data looks when it’s overlaid by country, as Kyle McDonald did when he discovered that some countries draw their chairs in perspective while others draw them straight on.


On the more fun, artistic spectrum, there are some simple but clever uses of the data like Neil Mendoza’s face tracking experiment and Deborah Schmidt’s letter collages.
See the video here of Neil Mendoza mapping Quick, Draw! facial features to your own face in front of a webcam


See the process video here of Deborah Schmidt packing QuickDraw data into letters using OpenFrameworks
The community has also built some handy tools since the release of all this data, and now we’re releasing one of our own: a Polymer component that allows you to display a doodle in your web-based project with one line of markup.

The Polymer component is coupled with a Data API that sits on top of a massive file directory (50 million files) and returns a JSON object or an HTML canvas rendering for each drawing. You can start prototyping your ideas right away without downloading all the data. We’ve also provided instructions for how to host the data and API yourself on Google Cloud Platform (for more serious projects that demand a higher request limit).
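
For example, a quick sketch of fetching a single drawing as JSON from the hosted API could look like this; the endpoint path, query parameters, and key handling below are assumptions for illustration, so check the GitHub repo for the actual API reference:

# A minimal sketch of fetching one drawing as JSON from the hosted Data API.
# The endpoint path, query parameters, and API key below are illustrative
# assumptions; see the project's GitHub repo for the real API reference.
import requests

API_KEY = "YOUR_API_KEY"  # hypothetical key, obtained via the Google Group
url = "https://quickdrawfiles.appspot.com/drawing/cat"  # hypothetical path

response = requests.get(url, params={"key": API_KEY, "format": "json"})
response.raise_for_status()

drawing = response.json()
print(drawing.keys())  # e.g. the strokes and metadata for one doodle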

One really handy tool when hosting an API on Google Cloud is Cloud Endpoints.  It allowed us to launch a demo API with a quota limit and authentication via an API key.  

By defining an OpenAPI specification (here is the Quick, Draw! Data API spec) and adding these three lines to our app.yaml file, we get an Extensible Service Proxy (ESP) deployed with our API backend code (more instructions here):
endpoints_api_service:
  name: quickdrawfiles.appspot.com
  rollout_strategy: managed
Based on the OpenAPI spec, documentation is also automatically generated for you.


We used a public Google Group as an access control list, so anyone who joins can then have the API available in their API library.
The Google Group used as an Access Control List
This component and Data API will make it easier for creatives out there to manipulate the data for their own research. Looking to the future, a potential next step for the project could be to store everything in a single database for more complex queries (e.g., “give me a recognized drawing from China in March 2017”). Feedback is always welcome, and we hope this inspires even more types of projects using the data! More details on the project and the incredible research projects done using it can be found on our GitHub repo.

By Nick Jonas, Creative Technologist, Creative Lab

Editor's Note: Some may notice that this isn’t the only dataset we’ve open sourced recently! You can find many more datasets in our open source project directory.

Zero-touch enrollment’s new features deliver for partners and customers

Last year we launched zero-touch enrollment, a deployment method to help make Android rollouts—especially those at large scale—more seamless and secure. Since then, the program has grown, and customers and partners are already seeing the benefits.

Better rollouts for customers and partners

Zero-touch continues to help businesses quickly and securely deploy Android devices, easing many pain points IT admins face when rolling out device fleets.

NAV, the Norwegian Labour and Welfare Administration, has successfully used zero-touch enrollment to deploy over 10,000 Android devices across their organization. Bengt Nielsen, who leads NAV’s IT Infrastructure and Platform Services team, explained that the large scale deployment of Android devices was a key component of the organization’s digital transformation strategy. NAV wanted employees to work in a more agile way, freeing them to work out in the community rather than always at their desk.

Zero-touch enrollment ensured that devices were configured and ready for use out of the box, making the deployment quick and easy for IT and employees, according to Bengt. He said, “Compared to previous manual enrollments, the zero-touch experience was like night and day—the enrollment process was almost flawless, employees found it straightforward and, most importantly, it saved the organization thousands of hours of work time.”  

NAV’s deployment partner ATEA explained the impact that zero-touch enrollment has had on customer rollouts. Kim Tovgaard, Enterprise Sales Executive at ATEA, commented, “Android zero-touch enrollment means we can offer customers a wider range of hardware in our deployment concept for automated purchase and enrollment of mobile devices, and help businesses save time and money.”

Expanding the zero-touch partner list

Support for zero-touch is continually growing, with new partners regularly added and validated. One of our zero-touch resellers, Tech Data, has recently launched a fully integrated service across their 20,000 European Android resellers, enabling them to offer zero-touch enrollment to all their customers.

“The API integration and set up was straightforward,” says Luc Van Huystee, Vice President, Mobility Solutions, Europe, at Tech Data, “enabling us to integrate this with our systems to allow every organization to carry out quick and easy bulk provisioning of company-owned Android devices straight after purchasing them.”

Over 30 zero-touch partners have joined the program globally in the second half of 2018, including major mobile operators such as Bouygues Telecom, Chunghwa Telecom, NTT DoCoMo, Telia, and Vodafone (Netherlands, Spain and Ireland). The full list of our partners can be found on this site.

New product features recently launched

We continue to add new features to zero-touch enrollment for both resellers and customers. Resellers can now appoint vendors to act on their behalf, while maintaining overall visibility and control. This will enable multi-national carriers to oversee the actions of their local operators and also support carriers who delegate their B2B sales to dealers.

Multi-language support is available within the zero-touch portal, with support for 13 languages. Additionally, zero-touch now supports Wi-Fi-only devices, meaning that devices such as tablets and dedicated devices can also take advantage of the seamless enrollment that zero-touch offers. The current list of supported models is available here, with further manufacturers coming soon.

Learn more about how zero-touch enrollment can help make enterprise deployment easier and more secure.


Chrome Beta for Android Update

Ladies and gentlemen, behold! Chrome Beta 71 (71.0.3578.55) for Android has been released and is available in Google Play. A partial list of the changes in this build is available in the Git log. Details on new features are available on the Chromium blog, and developers should check out our updates related to the web platform here.

If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

Ben Mason
Google Chrome

Don’t be a turkey: Use Google Maps to avoid traffic and crowds this Thanksgiving

Ah, Thanksgiving🦃.  A time for food, family, fun and the overwhelming stress that can come from getting stuck in holiday traffic. To make sure you make it to the festivities on time, we analyzed 2017 traffic data to pinpoint the best and worst times to leave for your Thanksgiving road trip—because there’s nothing worse than knowing that great Uncle Bobby is chowing down on your share of stuffing while you’re running late. And since lines can get long during the holidays, we’ve also identified when popular spots tend to be the most crowded so you can know exactly when to go to beat the rush. Interested in Thanksgiving traffic and search trends in your state? Check out our interactive site to take a deeper dive.


Beat the traffic 🚗

Getting to Thanksgiving dinner is always an adventure—but an understanding of Google Maps traffic patterns can help make your ride more predictable. Unsurprisingly, the day before Thanksgiving between 3pm and 4pm is the worst time to hit the road, but traffic clears up significantly by 6am on Thanksgiving morning. After Thanksgiving, try your best to avoid the Friday or Sunday afternoon rush by leaving in the morning instead, when there are significantly fewer cars on the road.


traffic trends

Skip the line 🙅🏽

We analyzed popular visit times for the season’s favorite places—grocery stores, shopping malls, bakeries, movie theaters and liquor stores—during Thanksgiving week so you can time your visit to avoid the crowds. Pro-tip: avoid grocery stores on Wednesday afternoon if crowds make you cringe.


Thanksgiving Crowds

Holiday survival tips 💪

No matter where you’re headed this Thanksgiving, we’ve got you covered. We polled the Google Maps team to identify some of the most used tips from the experts themselves:


  • Search along your route: Running low on gas? Burned the turkey? No problem—simply search for places along your drive to tackle your to-do list without going out of your way.

  • Share your ETA: Let the fam know what time you’ll be arriving without needing to make a call or send a text. Safety first!

  • Remember where you parked: After navigating somewhere, use Google Maps to save your parking location so you’ll never have a “Dude, where’s my car?” moment again.

  • Avoid the lines: Forgot the pumpkin pie at home? Head to the grocery store, but not before checking the estimated wait time on Google Maps and Search to make sure you’re not wasting precious time in line.

  • Plan a group activity in a snap: Deciding on a place to go with your entire family can be a recipe for disaster—but it doesn’t have to be. Simply long press on any place to add it to a shortlist that you can share. Vote on a place and voilà! Crisis averted.

  • Airport maps: If you’re flying for Thanksgiving, use Google Maps to orient yourself around an airport. Find your terminal, stores, restrooms, baggage claim and more at a glance.


No matter where you’re headed for Thanksgiving dinner this year, Google Maps can help you get there before the turkey gets cold.


An Update on Project Treble

Posted by Iliyan Malchev, Project Treble Architect

Last week at the 2018 Android Dev Summit, we demonstrated the benefits of Project Treble by showing the same Generic System Image (GSI) running on devices from different OEMs. We highlighted the availability of GSI for Android 9 Pie that app developers can use to develop and test their apps with Android 9 on any Treble-compliant device.

Launched with Android Oreo in 2017, Project Treble has enabled OEMs and silicon vendors to develop and deploy Android updates faster than what was previously possible. Since then, we've been working with device manufacturers to define Vendor Interfaces (VINTF) and draw a clear separation between vendor and framework code on Android devices.

Going forward, all devices launching with Android 9 Pie or later will be Treble-compliant and take full advantage of the Treble architecture to deliver faster upgrades. Thanks to Treble, we expect to see more devices from OEMs running Android 9 Pie at the end of 2018 as compared to the number of devices that were running Android Oreo at the end of 2017.

The GSI is built from the latest available AOSP source code, including the latest bug fixes contributed by OEMs. Device manufacturers already use GSI to validate the implementation of the vendor interface on their devices, and Android app developers can now harness the power of the GSI to test their apps across different devices. With GSI, you can test your apps on a pure AOSP version of the latest Android dessert, including the latest features and behavior changes, on any Treble-compliant device that's unlocked for flashing.

We're continuing to work on making GSI even more accessible and useful for app developers. For example, the GSI could enable early access to future Android platform builds that you can run on a Treble-compliant Android 9 device, so you could start app development and validation before the AOSP release.

If you are interested in trying GSI today, check out the documentation for full instructions on how to build GSI yourself and flash it to your Treble-compliant device.