Bringing more of Google’s productivity apps to Glass Enterprise

Imagine translating instructions into a colleague’s native language in real-time. Or instantly crossing off daily tasks as you complete them. That’s part of our vision for augmented reality (AR), which has the potential to transform how companies and their frontline workers access information and make informed decisions while collaborating with their teams. We’re working to create a more natural and intuitive way to seek, interact with, and use information in the real world through AR.

Today, we are revealing a new early access program focused on bringing more of Google’s productivity apps and collaboration tools to the Glass Enterprise platform. Companies interested in Glass Enterprise most often request AR features that help people communicate and complete tasks. Starting today, we're introducing the opportunity for Google Workspace enterprise customers to partner with us in testing features focused on task completion, communication, and collaboration.

A more connected and efficient workforce with Glass Enterprise

Since 2017, Glass Enterprise has helped companies utilize AR to help employees work smarter, faster and hands-free. Working with software publishers that create bespoke solutions for companies, Glass Enterprise has helped customers like DB Schenker increase warehouse efficiency by 10%. Wendy's used Glass Enterprise to support food safety, quality practices and oversight of suppliers and distribution centers, as well as remote training and education for restaurant team members.

In 2020, we announced Google Meet on Glass Enterprise to give teams a first-person view of the wearer’s perspective — enabling real-time collaboration and problem solving. Since we launched Meet on Glass, remote team members have stayed connected for more than 750,000 minutes. Meet on Glass is generally available to anyone with Glass Enterprise.

Testing new features within our early access program

As part of this program, we’re expanding our productivity and collaboration offerings to include three new features across Google Tasks, language capabilities and photos:

  1. See step-by-step instructions: Tasks capabilities on Glass Enterprise provide hands-free access to step-by-step instructions to ensure accuracy and efficiency. Using any supported device, a warehouse manager can create a workflow on Tasks and share it directly to a teammate preparing a shipment, who can see and cross-off tasks in real-time on the Glass Enterprise display.
  2. Enable natural communication: Language capabilities like translation and transcription on Glass Enterprise help a global workforce understand, train and collaborate, regardless of language. This feature currently supports 15 languages with plans to add more in the near future. With Glass Enterprise, an employee who doesn’t share a common language with their manager can see direct translations in their line-of-sight.
  3. Collaborate securely: Glass Enterprise can now save images directly to your Pixel phone so you can seamlessly capture photos and share them across teams with Google Photos. Wearers can easily back up and share images and videos to check inventory, audit for quality, or diagnose and review equipment while being hands-free.

These capabilities are made possible by a new phone-enabled platform that uses the computing power of Google Tensor silicon on Pixel. This platform delivers more powerful and unique AR graphics and features on the Glass Enterprise display. It’s controlled by the Glass Enterprise Companion App, making it easier for workers to set up and manage settings out of the box.

  • A woman with black hair touches her Google Glass Enterprise Edition eyewear while standing behind stacked cardboard boxes. She selects the Tasks function on her device, with an image popping up in her vision.
  • A video shows two people in white construction helmets and green vests talking about their work in different languages while wearing their Google Glass Enterprise Edition to translate into their native language.
  • A video shows a man with a white construction helmet and an orange vest picking up his black phone to edit the brightness settings within the Google Glass Enterprise Edition companion app.

We look forward to expanding access as we learn alongside our partners in the coming months, and to the release of more helpful AR features in upcoming programs.

If you are a current Workspace customer interested in testing how these new AR tools can benefit your team, apply to join our Glass Enterprise early access program.

How AI is helping African communities and businesses

Editor’s note: Last week Google hosted the annual Google For Africa eventas part of our commitment to make the internet more useful in Africa, and to support the communities and businesses that will power Africa’s economic growth. This commitment includes our investment in research. Since announcing the Google AI Research Center in Accra, Ghanain 2018, we have made great strides in our mission to use AI for societal impact. In May we made several exciting announcements aimed at expanding these commitments.

Yossi Matias, VP of Engineering and Research, who oversees research in Africa, spoke with Jeff Dean, SVP of Google Research, who championed the opening of the AI Research Center, about the potential of AI in Africa.

Jeff: It's remarkable how far we've come since we opened the center in Accra. I was excited then about the talented pool of researchers in Africa. I believed that by bringing together leading researchers and engineers, and collaborating with universities and the wider research community, we could push the boundaries of AI to solve critical challenges on the continent. It’s great to see progress on many fronts, from healthcare and education to agriculture and the climate crisis.

As part of Google For Africa last week, I spoke with Googlers across the continent about recent research and met several who studied at African universities we partner with. Yossi, from your perspective, how does our Research Center in Accra support the wider research ecosystem and benefit from it?

Yossi: I believe that nurturing local talent and working together with the community are critical to our mission. We've signed research agreements with five universities in Africa to conduct joint research, and I was fortunate to participate in the inauguration of the African Master of Machine Intelligence (AMMI) program, of which Google is a founding partner. Many AMMI graduates have continued their studies or taken positions in industry, including at our Accra Research Center where we offer an AI residency program. We've had three cohorts of AI residents to date.

Our researchers in Africa, and the partners and organizations we collaborate with, understand the local challenges best and can build and implement solutions that are helpful for their communities.

Jeff: For me, the Open Buildings initiative to map Africa's built environment is a great example of that kind of collaborative solution. Can you share more about this?

Yossi: Absolutely. The Accra team used satellite imagery and machine learning to detect more than half a billion distinct structures and made the dataset available for public use. UN organizations, governments, non-profits, and startups have used the data for various applications, such as understanding energy needs for urban planning and managing the humanitarian response after a crisis. I'm very proud that we are now scaling this technology to countries outside of Africa as well.

Jeff: That's a great achievement. It's important to remember that the solutions we build in Africa can be scalable and useful globally. Africa has the world's youngest population, so it's essential that we continue to nurture the next generation of tech talent.

We must also keep working to make information accessible for this growing, diverse population. I’m proud of our efforts to use machine translation breakthroughs to bring more African languages online. Several languages were added to Google translate this year, including Bambara, Luganda, Oromo and Sepedi, which are spoken by a combined 85 million people. My mom spoke fluent Lugbara from our time living in Uganda when I was five—Lugbara didn't make the set of languages added in this round, but we're working on it!

Yossi: That's just the start. Conversational technologies also have exciting educational applications that could help students and businesses. We recently collaborated with job seekers to build the Interview Warmup Tool, featured at the Google For Africa event, which uses machine learning and large language models to help job seekers prepare for interviews.

YouTube video about preparing for your next interview
10:25

Jeff: Yossi, what’s something that your team is focused on now that you believe will have a profound impact on African society going forward?

Yossi: Climate and sustainability is a big focus and technology has a significant role to play. For example, our AI prediction models can accurately forecast floods, one of the deadliest natural disasters. We're collaborating with several countries and organizations across the continent to scale this technology so that we can alert people in harm's way.

We're also working with local partners and startups on sustainability projects including reducing carbon emissions at traffic lights and improving food security by detecting locust outbreaks, which threaten the food supply and livelihoods of millions of people. I look forward to seeing many initiatives scale as more communities and countries get on board.

Jeff: I'm always inspired by the sense of opportunity in Africa. I'd like to thank our teams and partners for their innovation and collaboration. Of course, there’s much more to do, and together we can continue to make a difference.

A Google Ads expert uses her skills to support nonprofits

Lauriane Giuranna is a Google Ads specialist, working with advertisers to make the best out of Google’s digital marketing tools. When she had the chance to use her skills to help gender equity nonprofits boost their visibility online, she immediately raised her hand. As part of a Google’s rotation program (an opportunity for employees to take a temporary role within a different team), Lauriane worked full-time for three months providing digital marketing support to select nonprofits. We chatted with her to hear more about the experience.

Tell us a little bit more about yourself.

In September 2019 — just after college — I joined Google in Dublin, Ireland as a Google Ads Specialist for the French Market. Outside of work, social impact has always been close to my heart. Before moving to Ireland I was volunteering to provide services to homeless and underserved communities in my hometown, Paris.

How have you used your role at Google to continue focusing on social impact?

One of the reasons I joined Google was its intrinsic commitment to social impact. Still, it surprised me to see the amount of opportunities I had to get involved in side projects that mattered to me and to have managers encouraging me to take them on. When the pandemic hit and domestic abuse reached new heights, I started supporting a French nonprofit that assists gender-based violence victims with their Google Ad Grants account, a program that donates ads on Google Search to eligible nonprofits.

Lauriane, the interviewee, sitting on a swing and holding the swing ropes with two hands

Lauriane at the Google office in Dublin

Tell us more about the 3-month rotation and why it was focused on gender equity.

Gender equity is a matter of human rights and global prosperity and over time, we’ve seen a growing interest in the topic on Google Search. Last year, Google.org announced the 34 recipients of the $25 million Google.org Impact Challenge for Women and Girls. Google realized the need to help gender equality organizations promote online content and boost their visibility to help people in need find trusted information. Google.org worked with a few select Impact Challenge recipients to provide additional support on Google Ad Grants.

What was your day-to-day work like during the rotation?

I focused on 10 women and girls organizations. I set up campaigns and looked into metrics to improve and optimize performances. I also hosted office hours and delivered more than 15 hours of product training for 20 nonprofits professionals to use Google Ad Grants. I wanted to make sure the nonprofits could continue to use the product successfully.

Can you share an example?

I worked with Girls Inc. of NYC, an Impact Challenge recipient on a mission to deliver life transforming programs so that girls and women can thrive. When I first met with Lily Chang, chief development officer, we defined the marketing plan and set some measurable goals, like increasing newsletter sign-ups. Girls Inc. of NYC had never used Ad Grants before and leveraged our Google technical team to implement conversion tracking. We then built and tested several campaigns to reach more supporters across the U.S. The impact is tangible — the website traffic has doubled and almost 20% of newsletter sign-ups and 9% of donations now come after a click on an ad.

You accomplished a lot in three months! What was the personal impact on you?

I developed skills that gave me a good steer on my career growth. I would love to continue working with nonprofits and I now feel much more prepared.

To learn more about Google’s product giving and Google.org, visit google.com/nonprofits and google.org.

Bringing British history to life through images

In the words of the American writer Susan Sontag, “To collect photographs is to collect the world.” And to see the world as it was, from dramatic historical events to the quirks of everyday life, there’s no better place to begin than a photo archive. Newspapers – whose photojournalists capture everything from grand state ceremonies to dog-grooming competitions – provide us with some of our most important archives.

The Daily Herald Archive has more than three million photographs of life in Britain during the 20th century. Founded in 1912, the Daily Herald was in print for 52 years, spanning two World Wars, the postwar era and the swinging ‘60s. Today, the archive provides a unique portrait of a country undergoing great change, while also documenting local eccentricities and everyday life. Now held at the National Science Media Museum in Bradford, the Daily Herald Archive is the Science Museum Group’s largest collection.

Today, Google Arts & Culture is launching a new digital hub that showcases this incredible archive of more than 70,000 digitized artifacts, along with a new AI-powered experiment that allows you to explore and create your very own edition of the Daily Herald.

Gif showing a selection of images from The Daily Herald newspaper

Did you know...? The Daily Herald was once the UK’s most popular newspaper.

The Daily Herald became the first paper to achieve two million daily net sales back in June 1933. Founded in 1912 by members of the British labor movement, the newspaper was known for its anti-establishment stance, its socialist politics and innovative use of photojournalism.

The archive provides a vivid snapshot of British life

The Daily Herald Archive contains pivotal moments in global history alongside day-to-day activities of Britons across the country. Fromdog shows to gymnastics, users can enjoy an authentic portrait of 20th-century Britain.

It contains bonafide masterpieces

Many of the photos in the Daily Herald Archive – taken by press agencies, freelance photographers as well as by Daily Herald photographers – are real masterpieces of photographic art and composition. Check out this image of fountain swimming and this one of awoman making light bulbs.

Alfred Hitchcock!

In 1928, The Daily Herald openeda contest for the public to submit photographs or ‘snaps’ of their holidays. The rules stipulated that no professional photographs would be considered. The competition proved exceedingly popular, with none other than cinematic great Alfred Hitchcock joining the panel of judges in 1936.

The Daily Herald’s story was nearly over before it had begun

The Daily Herald had a very uncertain start to life – it actually stopped publishing after its first four months. The newspaper began as a strike sheet for the London printing unions, but once the fight for better working conditions was won, the Herald closed its doors on 28 April 1911. However, as it had proved so popular, the paper relaunched the next year.

  • Old, black and white photograph of a smiling woman holding a giant cabbage

    Woman with giant cabbage. Edward George Malindne, Daily Herald, 1933. © Mirrorpix

  • A black and white photograph of two women building radios

    Two women building radios, 1933. © The rights holder

  • A black and white photograph of a group of steeplejacks working high above the ground

    A group of steeplejacks who specialised in working high above ground. Edward George Malindine, Daily Herald, 1934. © Mirrorpix

  • A black and white photograph of a group of people standing reading the Daily Herald

    Daily Herald readers. George Woodbine, Daily Herald, 1933. © Mirrorpix

  • A black and white photograph of women picking mushrooms

    Women picking mushrooms, Daily Herald 1966. © Mirrorpix

How to enjoy the collection

Now, you can explore the Daily Herald Archive from anywhere in the world.

The new experiment on Google Arts & Culture, My Daily Herald, allows you to create an AI-powered personalized newspaper that takes the first edition of the Daily Herald as its starting point, and invites you to create your own bespoke version. The experiment uses Optical Character Recognition and Natural Language Processing to create the metadata and imagine what an edition of the Daily Herald might look like today.

The hub draws all this together alongside explanatory stories authored by the National Science and Media Museum archive and curatorial team. These explore key topics and themes such as: the history of Kodak photography, Women in radio and A history of the Ideal Home Show.

So jump right in and discover this extraordinary archive: goo.gle/dailyheraldarchive

Easier ways for brands to manage suitability across Google

With the rise of streaming, content creation is more diverse than ever before and consumers have more choice than ever on what to watch. In a content-rich world, we want to make it easier for advertisers to feel confident in the environments where their brands appear, to reach new consumers and grow their businesses. That's why we're excited to launch a new content suitability center in Google Ads, bringing together everything you need to manage our best-in-class suitability settings, for all campaigns on YouTube and the Google Display Network.

Evolving with your brand suitability needs

Teams across YouTube and Google spent the past two years working directly with brands to better understand their needs and preferences as it relates to suitability. We consistently found that when advertisers knew how to better navigate suitability controls, they experienced performance benefits — ranging from increased reach and view-through rates to decreased cost-per-view. We’ve used this information to further advance our suitability offering.

Through streamlined controls, the new content suitability center will take out the guesswork for brands in curating the environments that align with their values.

Streamlining how you manage controls

Previously, managing suitability settings was done in multiple, segregated sections of Google Ads and the experience differed across Google platforms. This led to a time-consuming and cumbersome implementation process, along with misconceptions and misuse of the controls. While exclusions can be helpful tools, brands also want to be mindful of the types of content they choose to exclude. Over-exclusion can negatively impact your cost and reach. It can also unintentionally exclude great, brand-safe content or content relevant to diverse communities.

Now, you’ll find all suitability controls under a single point-of-entry, making it faster and easier to set your preferences.

Image of content suitability page available under the Tools and Settings tab in Google Ads

Use the content suitability center to easily set your suitability preferences for inventory modes and exclusions across YouTube and the Google Display Network

When you enter the suitability center, you may select one of the three inventory modes that’s right for your brand. Inventory modes cater to your preferences for various sensitive themes, such as profanity, sexual suggestiveness and violence.

From there, if you have more nuanced needs, you can fine-tune additional exclusions. For example, a body-positive brand may prefer to exclude diet regimens or weight-loss content, while a luxury brand may prefer not to appear alongside content about sales or bargain hauls.

Once you have designated your preferences at the account level, Google Ads will now automatically apply these settings to your future campaigns. It removes the need to repeat the process for each new campaign. This update is designed to reduce human error when launching campaigns.

Bringing increased efficiency across Google

Our multi-year investments in policies, advertiser guidelines and product features are based on our commitment to protect our viewers, creators and advertisers. When YouTube became the first digital platform to receive content-level brand safety accreditation from the Media Rating Council (MRC), it was a testament to the investments we’ve made in responsibility, YouTube's top priority.

We have ensured that YouTube advertising meets 99% effectiveness for brand safety across in-stream, livestream, Shorts and Watch Next & Home feed content.[576b88]We automatically exclude content not aligned with our requirements from appearing alongside ads. Our progress in brand safety has positioned us to now double down with increased investments in our gold-standard suitability offerings — not just for YouTube, but across Google.

Suitability settings work on top of our brand safety systems to give you more control over the content surrounding your ads — content that, while in compliance with our policies, may not resonate with your unique brand values.

“Giving advertisers and agencies control over where their ads show up has been a tangible goal for all of us in GARM (the Global Alliance for Responsible Media),” says Robert Rakowitz, Initiative Lead, GARM. “These new first-party features really help ad buyers in that they are aligned with industry standards, they bring in more formats across all of Google, and make suitability control management easier to manage across markets and brands. We’re excited to see the broader Google organization introduce these new features which add increased transparency and control.”

The content suitability center is the first of many improvements to come, allowing advertisers to more easily control the environments they want to be in and to reap the benefits of improved campaign performance. We’ll have more to share in the coming months to help you continue to align with what works best for your brand identity and navigate the growing landscape of content.

Security of Passkeys in the Google Password Manager

Posted by Arnar Birgisson, Software Engineer

We are excited to announce passkey support on Android and Chrome for developers to test today, with general availability following later this year. In this post we cover details on how passkeys stored in the Google Password Manager are kept secure. See our post on the Android Developers Blog for a more general overview.

Passkeys are a safer and more secure alternative to passwords. They also replace the need for traditional 2nd factor authentication methods such as text message, app based one-time codes or push-based approvals. Passkeys use public-key cryptography so that data breaches of service providers don't result in a compromise of passkey-protected accounts, and are based on industry standard APIs and protocols to ensure they are not subject to phishing attacks.

Passkeys are the result of an industry-wide effort. They combine secure authentication standards created within the FIDO Alliance and the W3C Web Authentication working group with a common terminology and user experience across different platforms, recoverability against device loss, and a common integration path for developers. Passkeys are supported in Android and other leading industry client OS platforms.

A single passkey identifies a particular user account on some online service. A user has different passkeys for different services. The user's operating systems, or software similar to today's password managers, provide user-friendly management of passkeys. From the user's point of view, using passkeys is very similar to using saved passwords, but with significantly better security.

The main ingredient of a passkey is a cryptographic private key. In most cases, this private key lives only on the user's own devices, such as laptops or mobile phones. When a passkey is created, only its corresponding public key is stored by the online service. During login, the service uses the public key to verify a signature from the private key. This can only come from one of the user's devices. Additionally, the user is also required to unlock their device or credential store for this to happen, preventing sign-ins from e.g. a stolen phone. 

To address the common case of device loss or upgrade, a key feature enabled by passkeys is that the same private key can exist on multiple devices. This happens through platform-provided synchronization and backup.

Passkeys in the Google Password Manager

On Android, the Google Password Manager provides backup and sync of passkeys. This means that if a user sets up two Android devices with the same Google Account, passkeys created on one device are available on the other. This applies both to the case where a user has multiple devices simultaneously, for example a phone and a tablet, and the more common case where a user upgrades e.g. from an old Android phone to a new one.

Passkeys in the Google Password Manager are always end-to-end encrypted: When a passkey is backed up, its private key is uploaded only in its encrypted form using an encryption key that is only accessible on the user's own devices. This protects passkeys against Google itself, or e.g. a malicious attacker inside Google. Without access to the private key, such an attacker cannot use the passkey to sign in to its corresponding online account.

Additionally, passkey private keys are encrypted at rest on the user's devices, with a hardware-protected encryption key.

Creating or using passkeys stored in the Google Password Manager requires a screen lock to be set up. This prevents others from using a passkey even if they have access to the user's device, but is also necessary to facilitate the end-to-end encryption and safe recovery in the case of device loss.

Recovering access or adding new devices

When a user sets up a new Android device by transferring data from an older device, existing end-to-end encryption keys are securely transferred to the new device. In some cases, for example, when the older device was lost or damaged, users may need to recover the end-to-end encryption keys from a secure online backup.

To recover the end-to-end encryption key, the user must provide the lock screen PIN, password, or pattern of another existing device that had access to those keys. Note, that restoring passkeys on a new device requires both being signed in to the Google Account and an existing device's screen lock.

Since screen lock PINs and patterns, in particular, are short, the recovery mechanism provides protection against brute-force guessing. After a small number of consecutive, incorrect attempts to provide the screen lock of an existing device, it can no longer be used. This number is always 10 or less, but for safety reasons we may block attempts before that number is reached. Screen locks of other existing devices may still be used.

If the maximum number of attempts is reached for all existing devices on file, e.g. when a malicious actor tries to brute force guess, the user may still be able to recover if they still have access to one of the existing devices and knows its screen lock. By signing in to the existing device and changing its screen lock PIN, password or pattern, the count of invalid recovery attempts is reset. End-to-end encryption keys can then be recovered on the new device by entering the new screen lock of the existing device.

Screen lock PINs, passwords or patterns themselves are not known to Google. The data that allows Google to verify correct input of a device's screen lock is stored on Google's servers in secure hardware enclaves and cannot be read by Google or any other entity. The secure hardware also enforces the limits on maximum guesses, which cannot exceed 10 attempts, even by an internal attack. This protects the screen lock information, even from Google.

When the screen lock is removed from a device, the previously configured screen lock may still be used for recovery of end-to-end encryption keys on other devices for a period of time up to 64 days. If a user believes their screen lock is compromised, the safer option is to configure a different screen lock (e.g. a different PIN). This disables the previous screen lock as a recovery factor immediately, as long as the user is online and signed in on the device.

Recovery user experience

If end-to-end encryption keys were not transferred during device setup, the recovery process happens automatically the first time a passkey is created or used on the new device. In most cases, this only happens once on each new device.

From the user's point of view, this means that when using a passkey for the first time on the new device, they will be asked for an existing device's screen lock in order to restore the end-to-end encryption keys, and then for the current device's screen lock or biometric, which is required every time a passkey is used.

Passkeys and device-bound private keys

Passkeys are an instance of FIDO multi-device credentials. Google recognizes that in certain deployment scenarios, relying parties may still require signals about the strong device binding that traditional FIDO credentials provide, while taking advantage of the recoverability and usability of passkeys.

To address this, passkeys on Android support the proposed Device-bound Public Key WebAuthn extension (devicePubKey). If this extension is requested when creating or using passkeys on Android, relying parties will receive two signatures in the result: One from the passkey private key, which may exist on multiple devices, and an additional signature from a second private key that only exists on the current device. This device-bound private key is unique to the passkey in question, and each response includes a copy of the corresponding device-bound public key.

Observing two passkey signatures with the same device-bound public key is a strong signal that the signatures are generated by the same device. On the other hand, if a relying party observes a device-bound public key it has not seen before, this may indicate that the passkey has been synced to a new device.

On Android, device-bound private keys are generated in the device's trusted execution environment (TEE), via the Android Keystore API. This provides hardware-backed protections against exfiltration of the device-bound private keys to other devices. Device-bound private keys are not backed up, so e.g. when a device is factory reset and restored from a prior backup, its device-bound key pairs will be different.

The device-bound key pair is created and stored on-demand. That means relying parties can request the devicePubKey extension when getting a signature from an existing passkey, even if devicePubKey was not requested when the passkey was created.

Continuous innovation to keep you safe online

Cybersecurity requires continual vigilance, whether it's using built-in protections, or providing resources for changing security threats. In acknowledgement of Cybersecurity Awareness Month, we wanted to share our progress across a number of security efforts, and announce a few new technologies that help us keep more people safe online than anyone else.

Continuing our efforts to keep you safer online

In the past year, we’ve worked on various security upgrades, from making sign-ins easier and more secure, to spreading awareness of specific threats. Recently, we shared our experiences from the last decade of building a world-class security operation with a behind the scenes look at our elite security teams in the new HACKING GOOGLE docuseries. Now, we’re building on our work by providing educational resources.

link to Hacking Google trailer
10:25

Today, we’re officially launching the online safety lessons we announced earlier this year. The lessons feature Khan Academy founder, Sal Khan, and Google security experts, giving actionable tips to help keep your online accounts secure, browse the web safely, detect phishing attempts and more. Whether you’re a professional, parent, grandparent or student, these videos — and Khan Academy's Internet Safety course — will help you stay safer even as new security risks emerge online.

For years, we’ve been at the forefront of improvements to authentication technology, and earlier this year we shared the progress we’ve made on our Google Password Manager in Android and Chrome, and how we’re accelerating industry-wide progress toward a passwordless future. Today, we’re announcing the next stage in this journey with the release of passkey support for developers on Android and Chrome. General availability for everyone using Android 9 and higher will follow later in November. This is a critical step in the wide adoption of passkeys, which will work with your Google Password Manager to further simplify sign-ins across devices, websites and applications — no matter the platform. The best part? Instead of typing a password, you can sign in with whatever method you usually use to unlock your phone (passcode, fingerprint, facial recognition, etc.).

image of passkey

Partnering to protect high-risk users

With the U.S. midterm elections quickly approaching, we’re continuing to protect high-risk users, like journalists and campaigns, through our security tools and partnerships. Our Campaign Security Project with Defending Digital Campaigns provides organizations across the political spectrum with tools and resources to train candidates and campaign workers on how to stay safe online. To date, the program has trained over 5,300 election-related stakeholders over the course of 52 training sessions and workshops around the country — allowing us to better protect these high-risk individuals amid a changing threat landscape.

We’re also continuing to help protect democracies on a global scale by collaborating with leading organizations like the International Foundation for Electoral Systems (IFES). This collaboration helps high-risk users enhance their cybersecurity with the Advanced Protection Program (APP), our strongest form of account security for those at risk of state sponsored attacks. We’ve also continued to donateGoogle Titan Security Keys to high-risk organizations and individuals, which can be used as a form of 2-Step Verification (2SV) for advanced account security.

Products that keep you secure by default

For security to be effective, it has to be easy, which is why most of our protections are built-in and automatic. For example, Google Play Protect provides automatic, daily malware scanning on all the apps on your Android device, even when you're offline. And our 2-Step Verification (2SV) requires just one tap to create secure, verified access to your account. Now Google is making it even easier to enroll in 2SV and get security notifications:

  • 2SV enrollment with Google Assistant: Simply ask, “Hey Google, how do I set up 2-Step Verification?” If you’re not enrolled, Assistant will even remind you to sign up when you ask privacy and security questions, such as, “Hey Google, how do you keep my data safe?" We’re also making it easier to apply software updates — a critical step in securing your devices — by enabling auto updates via Google Home.
  • Safety status: To further strengthen the security of your account, we’re making safety status on your Google Account easily visible as part of your profile picture across the apps you use every day. If anything on your account needs security attention, you’ll know right away. A simple yellow or red alert will highlight actions you should take to secure your account, so you never have to worry about missing a critical security update again.
  • Safety Insights: We’re rolling out a feature in the Google app for iOS that gives you site-specific safety information — including a description of the cookies used by the site, alerts for unsecure sites and soon, reminders for passwords that may have been compromised. You can also access the “Results about you” tool, which allows you to request the removal of search results that contain your personal contact information (i.e., phone number, home address, email address) from search results.
GIF showing recommended security actions

Keeping your connections private and secure

We build our products with your privacy and security in mind. That’s why our latest Nest cameras and doorbells are designed for your security: They use encrypted video, 2SV, and the enhanced security of your Google Account. And today, we’re announcing that if you have a Pixel 4 or more recent model that uses Android 12 or above, your mobile traffic on the Google Fi cellular network is automatically encrypted and private.

As we continue into Cybersecurity Awareness Month, stay tuned for more updates — from keeping the upcoming elections safer, to moving us further into a passwordless world. Visit our Safety Center to stay up to date and learn more about how we’re making every day safer with Google.

Automatic privacy protections with Google Fi and Pixel

Whether you’re shopping for your family or sending emails for work, getting stuff done online can sometimes involve sharing personal information, like your credit card number or address. It’s important that this information is protected and kept private, no matter what network you’re connected to.

Every day, our teams help protect your personal information, working to ensure all Google products are secure by default, private by design and put you in control of your data. That’s why all Google Fi phone plans come with privacy and security features at no extra cost. And in honor of Cybersecurity Awareness Month, in addition to other announcements Google is making, today we’re sharing an update that makes it even easier to protect your personal information online when browsing.

Easier online protection if you’re a Pixel user on Fi

Starting today, we’re providing an added layer of protection: If you are a Pixel user, your mobile data traffic on the Fi cellular network is automatically encrypted and private. This feature is now available for the recently introduced Pixel 7, and earlier models down to Pixel 4, so long as they're running Android 12 or above. That means you don’t have to take any additional steps to keep the content of your web browsing private on the Fi network — your mobile connection is private by design. You can learn more about this automatic cellular data encryption on Fi in our report and our Help Center.

And if you want protection for your Wi-Fi connections as well, you can still choose to enable the Fi Virtual Private Network (VPN) for an encrypted and private data connection on all networks — no matter what type of phone you have. Whether you’re using cellular data or Wi-Fi, once you enable the VPN, it encrypts your browsing and data activity, shielding you against attackers on unsecure networks (like public Wi-Fi) and preventing websites from using your IP address to track your location.

Privacy and security for data, calls and texts on Fi

The new privacy protection for your mobile data traffic that we’re announcing today is just our latest effort to help keep your personal information private and secure. It joins other privacy and security features already included in all Fi plans.

For example, with the Fi VPN for all phones, it's easier to privately browse online. Plus, voice calls between Android phones on Fi already come with automatic end-to-end encryption, so the contents of your verbal conversations stay between you and the other Fi user you’re talking to. And when you and the person you’re text messaging use the Messages app and enable chat features, what you share via text — including photos and video — is kept private, too.

If you have a family or group using Android phones on Fi, this means the content of your communications with each other can be kept private, whether you’re browsing online, calling or texting each other.

These features are enabled by Protected Computing — a growing toolkit of technologies that transforms how, when and where data is processed to technically ensure the privacy and safety of your data. With Google’s continued investment in Protected Computing, we’ll work to continue delivering even more private experiences across our products.

Other ways we’re keeping you and your family safe

We’re committed to keeping your family’s personal information safe, no matter what plan or phone you choose. So all Fi plans come with privacy and security features such as spam call detection and blocking to stop identified robocalls and scams, all included at no extra cost. You also get extra layers of protection by default, including a robust account recovery process and notifications for suspicious activity. And family features allow you to block contact from strangers, set data budgets and share your location with family members.

To learn more about privacy and security on Fi, you can visit our website.

Bringing passkeys to Android & Chrome

Posted by Diego Zavala, Product Manager (Android), Christiaan Brand, Product Manager (Account Security), Ali Naddaf, Software Engineer (Identity Ecosystems), Ken Buchanan, Software Engineer (Chrome)

Explore passkeys on Android & Chrome starting today

Starting today, Google is bringing passkey support to both Android and Chrome.

Passkeys are a significantly safer replacement for passwords and other phishable authentication factors. They cannot be reused, don't leak in server breaches, and protect users from phishing attacks. Passkeys are built on industry standards and work across different operating systems and browser ecosystems, and can be used for both websites and apps.

Passkeys follow already familiar UX patterns, and build on the existing experience of password autofill. For end-users, using one is similar to using a saved password today, where they simply confirm with their existing device screen lock such as their fingerprint. Passkeys on users’ phones and computers are backed up and synced through the cloud to prevent lockouts in the case of device loss. Additionally, users can use passkeys stored on their phone to sign in to apps and websites on other nearby devices.

Today’s announcement is a major milestone in our work with passkeys, and enables two key capabilities:

  1. Users can create and use passkeys on Android devices, which are securely synced through the Google Password Manager.
  2. Developers can build passkey support on their sites for end-users using Chrome via the WebAuthn API, on Android and other supported platforms.

To try this today, developers can enroll in the Google Play Services beta and use Chrome Canary. Both features will be generally available on stable channels later this year.

Our next milestone in 2022 will be an API for native Android apps. Passkeys created through the web API will work seamlessly with apps affiliated with the same domain, and vice versa. The native API will give apps a unified way to let the user pick either a passkey or a saved password. Seamless, familiar UX for both passwords and passkeys helps users and developers gradually transition to passkeys.

Signing in to a website on an Android device with a passkey

For the end-user, creating a passkey requires just two steps: (1) confirm the passkey account information, and (2) present their fingerprint, face, or screen lock when prompted.

 

Signing in is just as simple: (1) The user selects the account they want to sign in to, and (2) presents their fingerprint, face, or screen lock when prompted.

 

Signing in to a website on a nearby computer with a passkey on an Android device

A passkey on a phone can also be used to sign in on a nearby device. For example, an Android user can now sign in to a passkey-enabled website using Safari on a Mac. Similarly, passkey support in Chrome means that a Chrome user, for example on Windows, can do the same using a passkey stored on their iOS device.

Since passkeys are built on industry standards, this works across different platforms and browsers - including Windows, macOS and iOS, and ChromeOS, with a uniform user experience.

We will continue to do our part for a passwordless future

We have worked with others in the industry, including Apple and Microsoft, and members within the FIDO Alliance and the W3C to drive secure authentication standards for years. We have shipped support for W3C Webauthn and FIDO standards since their inception.

Today is another important milestone, but our work is not done. Google remains committed to a world where users can choose where their passwords, and now passkeys, are stored. Please stay tuned for more updates from us in the next year as we introduce changes to Android, enabling third party credential managers to support passkeys for their users.

Drive with Zombies (or run from them) this spooky season

As October 31st nears, spooky season is upon us. And it’s brought Zombies to Waze. Starting today, enter a Zombified Waze world on your next drive. You can choose to team up with an expert escapist to avoid the Zombies, or take your chance and get to know a member of the undead with a Zombie itself.

Activate your voice navigation to adventure with the Survivalist by your side to learn the best skills for staying away from the slow-moving menaces. You’ll ride with all the gear you need for surprises along the way when you change your vehicle guide to the Escapemobile, and show off your strength to other drivers with the Survivalist Mood.

If you’d rather a Zombie guide your way, select the Zombie voice navigation and find out if the rumor that these monsters think with their brains is really true. Switch to the Zombie Mood to show your allegiance to the misunderstood undead. And to get the full zombified experience, swap out your navigation arrow for the Zombieombile.

Activate the Zombie experience by visiting Waze or clicking “My Waze” in your app. Tap the “Drive with Zombies” banner to activate. Available globally with voice navigation in English, French, Spanish and Portuguese.