Monthly Archives: September 2017

#teampixel proves you can take a good photo anywhere

We’re always excited to see what #teampixel photographs next. This week’s photos capture everything from the tombs and temples in Jordan to the crestfallen leaves of autumn, proving a good photo can be taken anywhere.   


Special shout out to today’s Instagram feature, @oxykostin, for a magical photo that takes us under the sea. Don’t forget to tag your photos with #teampixel, and you might see yourself featured next!

Keystore Key Attestation

Posted by Shawn Willden, Software Engineer

Android's keystore has been available for many years, providing app developers with a way to use cryptographic keys for authentication and encryption. Keystore keeps the key material out of the app's process space, so that the app cannot inadvertently reveal it to the user where it could be phished, leak it through some other channel, or have it compromised in the event of a compromise of the app. Many devices also provide hardware-based security for keystore keys in secure hardware, which keeps the key material out of the Android system entirely, so that the key material cannot be leaked even by a Linux kernel compromise. In the vast majority of Android devices, secure hardware is a special mode of the main CPU, with hardware-enforced isolation from the Linux kernel and Android userspace. Alternatively, some devices use a separate secure microprocessor.

Android provides APIs that allow the app to determine whether a given keystore key is in secure hardware, but these APIs could be unreliable if the operating system has been compromised. Key attestation provides a way for a device's secure hardware to verify that an asymmetric key is in secure hardware, protected against compromise of the Android OS.

History of Keystore

Keystore was originally introduced in Android 4.0 and keys were encrypted with the user's passcode. In Android 4.1 the infrastructure to use device secure hardware was added.

Up until Android 6.0, Keystore supported RSA and ECDSA. In Android 6.0, Keystore was significantly enhanced, adding support for AES and HMAC. Also, other crucial elements of cryptographic operations, such as RSA padding[1] and AES block chaining[2] modes, were moved into secure hardware.

In Android 6.0, Keystore also gained the ability to restrict the ways in which a particular key could be used. The most obviously useful restriction that can be applied is user authentication binding. This allows a key's usage to be "bound" to the user's passcode—their PIN, pattern, or password—or fingerprint. For passcode authentication binding, the app developer can specify a timeout in seconds. If more than the specified time has elapsed since the user last entered their passcode, the secure hardware refuses any requests to use the key. Fingerprint-bound keys require a new user authentication each time the key is used.

Other, more technical, restrictions can be applied to Android 6.0+ keys as well. In particular, at point of key creation or import, it is necessary to specify the cryptographic purposes (encrypt, decrypt, sign, or verify) for which the key may be used, as well as padding and block modes, digests, source of entropy for initialization vectors or nonces, and other details of the cryptographic operation. Because the specified information is permanently and cryptographically bound to the key material, Keystore won't allow the key to be used in any other way. Therefore, an attacker who gains control of the app or the system can't misuse the key. To help prevent attacks, developers should specify the narrowest possible range of uses for a given key.

One of the most important changes to Android Keystore was introduced in Android 7.0. New devices that launch with Android 7.0+ with a secure lock screen must have secure hardware and support hardware-based passcode authentication and keystore keys. Prior to Android 7.0, secure hardware support was widespread, but over the next few years it will become universal.

In Android 8.0, key attestation was made mandatory for all new devices that ship with Google Play installed.

Why use key attestation?

Suppose you're developing an app to provide a bank's customers with access to their bank balance, transaction history, and bill pay system. Security is important; you don't want anyone who picks up the user's phone to have access to their bank account. One approach would be to use the user's web site password. But that's often inconvenient for the user because web sites often demand long, complex passwords, which are inconvenient on a small touchscreen.

With Android Keystore, you can generate an asymmetric authentication key, such as a 256-bit ECDSA key, and have each user sign in with their complex web password once, then register the public key in the bank's customer account database. Each time they open the app, you can execute a challenge-response authentication protocol using that ECDSA key. Further, if you make the key authentication-bound, the user can authenticate with their lock screen passcode or fingerprint each time they open the app. That allows them to use the simpler and more convenient authentication mechanism on their phone.

If an attacker compromises Android and attempts to extract the key, they shouldn't be able to because the key is in secure hardware.

As an app developer, key attestation allows you to verify on your server that the ECDSA key your app requested actually lives in secure hardware. Note that there's little point in using the attestation in your app itself; if the Android OS is uncompromised and trustworthy, then you can just use the KeyInfo class introduced in 6.0 to discover whether the key is in secure hardware. If it is compromised, then that API and any attempt you make to validate the attestation on device are both unreliable.

Note that key attestation is distinct from SafetyNet attestation. They're the same concept, but attest to different things and come from different places. Keystore key attestation affirms that a crypto key lives in secure hardware and has specific characteristics. SafetyNet attestation affirms that a device is real (not an emulator) and that it's running known software. SafetyNet uses Keystore key attestation under the covers, so if you want to know about device integrity use that. If you want to confirm that your key is in secure hardware, use key attestation.

For details and sample code, see the key attestation training article on developer.android.com.
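The server-side check described above, as an added example that is not code from the original post or from the Android documentation; it goes one step beyond the post by decoding the attestation record itself. It assumes the certificate chain has already been validated to a trusted attestation root, that the input is the value of the leaf certificate's attestation extension, and that the record follows the Android `KeyDescription` field order; the sample bytes are constructed, not captured from a device.

```python
import hmac

# The bytes parsed here are the value of the attestation extension
# (OID 1.3.6.1.4.1.11129.2.1.17) in the leaf certificate of the chain.
SECURITY_LEVELS = {0: "Software", 1: "TrustedEnvironment", 2: "StrongBox"}
HARDWARE_LEVELS = (1, 2)

# Leading KeyDescription fields, in order: (DER tag, name).
FIELDS = [
    (0x02, "attestationVersion"), (0x0A, "attestationSecurityLevel"),
    (0x02, "keymasterVersion"), (0x0A, "keymasterSecurityLevel"),
    (0x04, "attestationChallenge"), (0x04, "uniqueId"),
    (0x30, "softwareEnforced"), (0x30, "teeEnforced"),
]

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_key_description(der):
    """Decode the top-level fields; authorization lists stay as raw bytes."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    out, pos = {}, 0
    for want, name in FIELDS:
        tag, value, pos = read_tlv(body, pos)
        if tag != want:
            raise ValueError(f"{name}: unexpected tag {tag:#04x}")
        out[name] = int.from_bytes(value, "big") if want in (0x02, 0x0A) else value
    return out

def check_attestation(der, expected_challenge):
    """Server-side policy: fresh challenge and hardware-backed key, else reject."""
    try:
        kd = parse_key_description(der)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    # The challenge is the nonce the server issued for this enrollment.
    if not hmac.compare_digest(kd["attestationChallenge"], expected_challenge):
        return False, "challenge mismatch"
    for field in ("attestationSecurityLevel", "keymasterSecurityLevel"):
        if kd[field] not in HARDWARE_LEVELS:
            level = SECURITY_LEVELS.get(kd[field], "unknown")
            return False, f"{field} is {level}"
    return True, "hardware-backed"

def _tlv(tag, value):
    """Encode a short (<128 byte) DER TLV; used only to build sample input."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def build_sample(att_level, km_level, challenge):
    """Constructed KeyDescription with empty authorization lists (not real data)."""
    fields = (_tlv(0x02, b"\x02") + _tlv(0x0A, bytes([att_level]))
              + _tlv(0x02, b"\x03") + _tlv(0x0A, bytes([km_level]))
              + _tlv(0x04, challenge) + _tlv(0x04, b"")
              + _tlv(0x30, b"") + _tlv(0x30, b""))
    return _tlv(0x30, fields)

if __name__ == "__main__":
    nonce = bytes(range(16))              # constructed challenge
    for levels in ((1, 1), (0, 0)):
        print(levels, check_attestation(build_sample(*levels, nonce), nonce))
```

A production verifier would also inspect the two authorization lists, since the list a property appears in (software-enforced or TEE-enforced) says who actually enforces it.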

Notes


  1. Keystore supports the recommended OAEP and PSS padding modes for RSA encryption and signing, respectively, as well as the older PKCS#1 v1.5 modes. 

  2. Keystore supports GCM, CBC and ECB block chaining modes. 

Making Android better for kids and families

We spend a lot of time thinking about how to make Android work for everyone. Whether it’s giving people their choice of device, or helping app developers make their apps more accessible, we think Android is at its best when more people have access to the power of mobile technology. And that includes kids. Kids are the most curious among us, and technology can be an avenue for them to express their creativity and to help them learn—whether they’re doing research for a school report, learning to string together a few chords on a guitar, or just playing their favorite games. At the same time, we want parents and kids to navigate technology together in a way that makes sense for their family.


Today, we’re happy to announce that Family Link, our solution for bringing kids and their parents into the Android ecosystem, is now available to parents in the United States without an invitation. Parents can also create a Google Account for their kid right from Android setup, and then manage their kid’s account and device with Family Link.


This is the next step in our journey, but we’re far from done. We’ve been humbled by the response from those who have already been using Family Link, and want to say thank you. We appreciate the positive pieces of feedback, as well as the many feature requests, and will continue to listen to your feedback as the product evolves.


Getting started with Family Link


When you're setting up your kid's Android device (see available devices), Google asks you to create an account. Enter your kid’s birthday, and if they’re under 13, you’ll be asked to provide consent to create the account. Once that's done, Family Link will automatically be downloaded to your kid's device, and you can choose the apps and settings that you want for your child. Once your kid’s device is set up, download Family Link on your own device, and you can use it to do things like:


  • Manage the apps your kid can use: Approve or block the apps your kid wants to download from the Google Play Store.

  • Keep an eye on screen time: See how much time your kid spends on their favorite apps with weekly or monthly activity reports, and set daily screen time limits for their device.

  • Set device bedtime: Remotely lock your kid’s device when it’s time to play, study, or sleep.


Family Link can help you set certain digital ground rules that work for your family, whether you’re occasionally checking in on your kid’s device activity, or locking their device every day before dinner time.


If you have questions about setting up an account for your kid or using Family Link, check out our Help Center.

Source: Android


Use Google Drive and the Files app to organize content on your iOS 11 device

With Google Drive, you can access and edit your files across the many devices and platforms you work on. The new Files app for iOS 11 brings together files and documents stored on your iOS device and in the cloud across various apps and services. Today, we’re announcing full integration of the Drive application with the Files app on devices running iOS 11.


With the latest version of the Drive app installed, you can easily access and manage documents and photos stored in Drive just by opening up the Files app on your iOS device. If you have Google Docs, Sheets, or Slides apps installed as well, tapping on any Google document, spreadsheet, or presentation in the Files app will open the app of the associated Google editor. You can also take advantage of new iOS 11 features like dragging and dropping files between apps and folders in the Files App.

Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Editions:
Available to all G Suite editions

Rollout pace:
Full rollout (1–3 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

More Information
Help Center: How to use Google Drive on iPhone and iPad


Updating our Transparency Report and electronic privacy laws

Today, we are releasing the latest version of our Transparency Report concerning government requests for user data. This includes government requests for user data in criminal cases, as well as national security matters under U.S. law. Google fought for the right to publish this information in court and before Congress, and we continue to believe that this type of transparency can inform the broader debate about the nature and scope of government surveillance laws and programs.


In the first half of 2017, worldwide, we received 48,941 government requests that relate to 83,345 accounts. You can see more detailed figures, including a country-by-country breakdown of requests, here. We’ve also posted updated figures for the number of users/accounts impacted by Foreign Intelligence Surveillance Act (FISA) requests for content in previous reporting periods. While the total number of FISA content requests was reported accurately, we inadvertently under-reported the user/account figures in some reporting periods and over-reported the user/account figures in the second half of 2010. The corrected figures are in the latest report and reflected on our visible changes page.


Updating Electronic Privacy Laws


We are publishing the latest update to our Transparency Report as the U.S. Congress embarks upon an important debate concerning the nature and scope of key FISA provisions. Section 702 of the FISA Amendments Act of 2008 expires at the end of 2017. This is the section of FISA that authorizes the U.S. government to compel service providers like Google to disclose user data (including communications content) about non-U.S. persons in order to acquire “foreign intelligence information.”


Earlier this year, we expressed support for specific reforms to Section 702. We continue to believe that Congress can enact reforms to Section 702 in a way that enhances privacy protection for internet users while protecting national security. Independent bodies have concluded that Section 702 is valuable and effective in protecting national security and producing useful foreign intelligence. These assessments, however, do not preclude reforms that improve privacy protections for U.S. and non-U.S. persons and that do not disturb the core purposes of Section 702.


Government access laws are due for a fundamental realignment and update in light of the proliferation of technology, the very real security threats to people, and the expectations of privacy that Internet users have in their communications. Our General Counsel, Kent Walker, delivered a speech earlier this year calling for a new framework to address cross-border law enforcement requests. Updates to the Electronic Communications Privacy Act (ECPA) will be necessary to create a legal framework that addresses both law enforcement and civil liberties concerns.


The recent introduction of the International Communications Privacy Act (ICPA) in the Senate and the House is a significant step in the right direction, and we applaud Senators Hatch, Coons, and Heller and Representatives Collins, Jeffries, Issa, and DeBene for their leadership on this important bill. ECPA should also be updated to enable countries that commit to baseline privacy, due process, and human rights principles to make direct requests to U.S. providers. Providing a pathway for such countries to obtain electronic evidence directly from service providers in other jurisdictions will remove incentives for the unilateral, extraterritorial assertion of a country’s laws, data localization proposals, aggressive expansion of government access authorities, and dangerous investigative techniques. These measures ultimately weaken privacy, due process, and human rights standards.


We look forward to continuing in the constructive discussion about these issues.



Daydream Labs: Interactive scenes with Blocks objects

Since the launch of Blocks, people have been enthusiastically creating and sharing their amazing models with the community. So we asked ourselves: what would it be like to use Blocks objects to create an entire interactive scene?

Turns out it’s possible. In an experiment our team built recently, we created a system that lets people make their own "Escape the Room" experience in VR. Every object in the game is made from Blocks objects, including typical stuff like a flashlight, desk, bookcase, and the obligatory keypad, but also even the room itself.

Throw in some lighting, and the result is a scene with exactly the cartoonishly spooky vibe we were going for. Not a room you'd want to be trapped in for too long!


To get everything to work, we had to define how objects interact. We could’ve just written that directly in our code, but our goal was to allow anybody to create these experiences—no programming knowledge required. So we created a simple system of triggers and actions that allows the creator to indicate what happens next in response to certain events.

The system can express concepts such as "when the battery object collides with the flashlight object, activate the light object." The light happens to be a spotlight located at the tip of the flashlight object, so when the player places the battery in the right place, a cone of light will shine forward and move with the flashlight.

Using this simple trigger/action system, we built a number of other puzzles in the room, like opening a locked chest with a key, placing a book in a sliding bookcase and figuring out the combination to enter on a keypad.


Combining Blocks objects to create interactive scenes was a lot of fun. Because Blocks has a consistent low-poly visual style, the result of our efforts was an engaging environment where everything fit well together, even though objects were made by many different people on our team.

We learned a few other things along the way. First, the ability to add interactivity to a scene is super important, and a wide range of interactive scenes can be built from the simple primitives we had set up with our trigger and action system. Most of the interactions could be expressed as collisions (key and lock, battery and flashlight, book and bookcase) and simple actions like showing/hiding or animating particular objects.

Next, setting up the rendering was almost no work at all, because Blocks objects are low-poly and work well with simple materials. We just used the standard diffuse shaders for the opaque surfaces and a simple translucent one for the glass surfaces. Combining that with an ambient light and a spotlight achieved the rendering effect that we wanted.

Last, we set up a simple animation system where we pre-recorded the motions of certain objects and expressed them as a sequence of transformations (position, rotation, scale). This rudimentary animation system worked well when moving solid objects like a bookcase or the lid of a chest, but we’d need something more elaborate if we were to do character animation, perhaps using what we learned from our experiments on animating Blocks models. What’s more, adjusting the colliders for the objects to ensure they interacted correctly required some manual tweaks. In order to scale this, it might be worth looking into automatically generating simple colliders for objects.

Scene building and interactivity with Blocks objects are exciting areas for experimentation, and we're looking forward to seeing what other applications developers will come up with in this space.

Google Fiber now available in over 3,000 apartment and condominium communities

A little over five years ago, Google Fiber launched a different kind of internet and TV service to the first single family home in Kansas City. Pretty soon after that, we heard from apartments and condos interested in partnering with Google Fiber to bring superfast internet and TV to their residents. To make this happen, we’ve worked closely with national and local real estate developers, property managers, and condo boards to bring Google Fiber to multi-family communities across the United States.

Today, we’re excited to report that we have activated Google Fiber service in over 3,000 multi-family communities across our Fiber cities, plus an additional 300 Community Connections, which, in partnership with local nonprofit organizations, provide Internet access and digital literacy tools to digitally divided communities.

We didn’t do this alone -- our real estate and organizational partners made this a reality for their residents. It’s a collaborative effort -- working with each property, we identify the best way to serve their residents from the beginning of construction to installation and our ongoing service. Each project is unique. We start with the design process and continue to ensure that managers can use Google Fiber as a way to differentiate their property to prospective residents. Google Fiber has brought thousands of eyes to real estate partner websites, and we’ve been lucky enough to be the chosen provider for internet for thousands of their residents.

Building on these partnerships, we’ve recently expanded our commitment to become a technology partner by launching the Google Hardware Program. This program is designed to help properties capitalize on the smart home ecosystem by offering preferred pricing on Google Home, Nest Thermostats, and other devices. It’s still early, but we are very excited to help real estate partners explore the future of the “connected home” in apartments and condos.

And we're lucky to work with some incredible partners across our markets:




Sound like something you might want to check out? If you are looking for a place to live with Google Fiber, check out the Google Fiber Apartment Finder to find a property in your area. If you are a developer who would be interested in becoming a Google Fiber partner, please tell us more about your property here, and a member of our team will reach out to you.

Thanks to all our real estate partners across all of our Fiber cities — we look forward to bringing superfast Internet to more buildings and their residents!

Posted by Lee Bienstock, Head of Partnerships