Tag Archives: privacy

Improving user privacy by requiring opt-in to send X-Requested-With header from WebView

Posted by Peter Birk Pakkenberg, Software Engineer

X-Requested-With (XRW) is a nonstandard header.

When a user installs and runs an application that uses a WebView to embed web content, the WebView will add the X-Requested-With header on every request sent to servers, with a value of the application APK name. It is then left to the receiving web server to determine if and how to use this information.

We want to protect the user's privacy by only sending this header on requests if the app developer explicitly opts-in to share with services embedded within the WebView. We are introducing new and purpose-built methods of client attestation that solve important safety use cases in a privacy-sensitive manner.

To let current online services that depend on this header migrate away from using it, we will run a Deprecation Origin Trial, while removing the header for general traffic.

Why are we making this change?

In early use cases, the X-Requested-With header was used to detect click fraud from malicious apps. It was also used to let a server know it's interacting with AJAX requests and needn't reply with HTML. The header was quickly adopted by common frameworks (jQuery, Dojo, Django) as a defense against CSRF attacks. However, several vulnerabilities (such as browser extensions impersonating websites) appeared around its use.

Android WebView adopted the X-Requested-Header with the application name as the value, as a way to allow online services to detect deceptive apps that were using hidden webviews to generate fake traffic. While this problem still exists today, the header as it is currently implemented does not fully solve the problem, as apps can easily change the value being sent on some requests in later Android versions.

The header, as currently implemented by default in Android WebView, does not follow the principle of meaningful consent of all parties exchanging the information and the Android Platform Security Model’s definition of multi-party consent.

APK name also contains specific information about the context in which the user is consuming the web content, and can leak the identity of the app to the online service.

How does this proposal affect the header?

It's important to note that the non-WebView use cases will not change because of this proposal, as clients and servers still can and will set the header in normal JavaScript environments.

Even today, WebView will not overwrite the header if the header has already been set on an AJAX request by a JavaScript framework.

This removal only targets the WebView use case, which adds the header to every HTTP request made by the browser (that is, not the XMLHttpRequest use case).

What is the impact of removing this feature?

Today content owners may decide to rely on X-Requested-With to attribute traffic and control access without employing their own authentication. Other services use it for reporting of aggregate patterns about their user base.

All of these use cases will be affected by the removal of the header on requests, and in the majority of cases where the header is not modified by dishonest apps, it provides useful information to online services.

Given this, we plan to limit disruption during the deprecation and transition to purpose-built replacement signals by offering a Deprecation Origin Trial to maintain the existing behavior.

We ask for feedback on existing use cases that currently rely on and may be impacted by these changes.

Next steps and the future of XRW

As we gradually roll out the removal, origins participating in the trial will be exempted (that is, WebView will continue to send the header to these origins for as long as the trial lasts). The deprecation trial is expected to remain active for at least a year to give partners time to adjust for the change.

Further, during the deprecation origin trial, we will be developing new privacy-preserving APIs to match the use cases where the XRW header is being used today, such as client attestation APIs.

Separately from the deprecation trial, we will provide an opt-in API for application developers. This API will allow individual apps to selectively send the header to chosen origins, which can be used to maintain functionality of legacy sites that are not migrating, and the API will remain after the deprecation trial has finished.

Helpful resources

Key areas where we are seeking feedback

  • Key use cases for the XRW header today (e.g., payment authentication, account takeover fraud)
  • How important the XRW header is for each of these use cases
  • Desired capabilities that any new privacy-preserving alternatives would ideally have

Preparing for the Android Privacy Sandbox Beta

Posted by Anthony Chavez, VP Product ManagementIn February we announced the Privacy Sandbox on Android, with the goal of bringing new, more private advertising solutions to mobile.

Over the course of 2022, we've published design proposals and released a number of Developer Previews. We appreciate all of the feedback we've received which has helped us refine and improve these proposals.

Beginning early next year we plan to rollout the initial Privacy Sandbox Beta to Android 13 mobile devices, so that developers can take the next steps in testing these new solutions. We'll start with a small percentage of devices and increase over time. Note that Developer Previews will continue to be released and this is where we’ll first deliver the latest features for early feedback before being released on production devices.

Today, we're sharing more details about the Privacy Sandbox Beta so that developers can get prepared.


Enroll to access the Privacy-Preserving APIs

Starting with the Beta release, as well as future Developer Previews, developers will need to complete an enrollment process in order to utilize the ads-related APIs (including Topics, FLEDGE, and Attribution Reporting). The enrollment process will verify developer identity and gather developer-specific data needed by the APIs. You can learn more about how to enroll here.


How to participate

The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions.

During the initial rollout stages, enrolled developers will also need to join the early testers program. This program will allow developers to test the APIs on a limited number of their own Android 13 devices for internal apps and requested published apps.

For the SDK Runtime, we’ll have a closed beta for developers to test Runtime-enabled SDK distribution to select apps. Because of the coordination required to test the SDK Runtime on production devices, we expect this beta to involve a limited number of partners who can dedicate resources to support this testing. If you’re interested in participating, please register your interest.

To utilize the Beta release, developers will need to compile their solutions with an API level 33 SDK extension update that is coming soon.


Advice For Advertisers & Publishers

We’ve heard from many advertisers and publishers about the role they can play in testing these new technologies. For companies that rely on third party solutions for ad serving or ad measurement, we recommend working with your providers to understand their testing roadmaps and how you can participate in early testing of Privacy Sandbox.

We want to thank everyone who has engaged on the Android Privacy Sandbox, and look forward to continued feedback as we enter this next phase of testing."

Preparing for the Android Privacy Sandbox Beta

Posted by Anthony Chavez, VP Product ManagementIn February we announced the Privacy Sandbox on Android, with the goal of bringing new, more private advertising solutions to mobile.

Over the course of 2022, we've published design proposals and released a number of Developer Previews. We appreciate all of the feedback we've received which has helped us refine and improve these proposals.

Beginning early next year we plan to rollout the initial Privacy Sandbox Beta to Android 13 mobile devices, so that developers can take the next steps in testing these new solutions. We'll start with a small percentage of devices and increase over time. Note that Developer Previews will continue to be released and this is where we’ll first deliver the latest features for early feedback before being released on production devices.

Today, we're sharing more details about the Privacy Sandbox Beta so that developers can get prepared.


Enroll to access the Privacy-Preserving APIs

Starting with the Beta release, as well as future Developer Previews, developers will need to complete an enrollment process in order to utilize the ads-related APIs (including Topics, FLEDGE, and Attribution Reporting). The enrollment process will verify developer identity and gather developer-specific data needed by the APIs. You can learn more about how to enroll here.


How to participate

The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions.

During the initial rollout stages, enrolled developers will also need to join the early testers program. This program will allow developers to test the APIs on a limited number of their own Android 13 devices for internal apps and requested published apps.

For the SDK Runtime, we’ll have a closed beta for developers to test Runtime-enabled SDK distribution to select apps. Because of the coordination required to test the SDK Runtime on production devices, we expect this beta to involve a limited number of partners who can dedicate resources to support this testing. If you’re interested in participating, please register your interest.

To utilize the Beta release, developers will need to compile their solutions with an API level 33 SDK extension update that is coming soon.


Advice For Advertisers & Publishers

We’ve heard from many advertisers and publishers about the role they can play in testing these new technologies. For companies that rely on third party solutions for ad serving or ad measurement, we recommend working with your providers to understand their testing roadmaps and how you can participate in early testing of Privacy Sandbox.

We want to thank everyone who has engaged on the Android Privacy Sandbox, and look forward to continued feedback as we enter this next phase of testing."

Preparing for the Android Privacy Sandbox Beta

Posted by Anthony Chavez, VP Product ManagementIn February we announced the Privacy Sandbox on Android, with the goal of bringing new, more private advertising solutions to mobile.

Over the course of 2022, we've published design proposals and released a number of Developer Previews. We appreciate all of the feedback we've received which has helped us refine and improve these proposals.

Beginning early next year we plan to rollout the initial Privacy Sandbox Beta to Android 13 mobile devices, so that developers can take the next steps in testing these new solutions. We'll start with a small percentage of devices and increase over time. Note that Developer Previews will continue to be released and this is where we’ll first deliver the latest features for early feedback before being released on production devices.

Today, we're sharing more details about the Privacy Sandbox Beta so that developers can get prepared.


Enroll to access the Privacy-Preserving APIs

Starting with the Beta release, as well as future Developer Previews, developers will need to complete an enrollment process in order to utilize the ads-related APIs (including Topics, FLEDGE, and Attribution Reporting). The enrollment process will verify developer identity and gather developer-specific data needed by the APIs. You can learn more about how to enroll here.


How to participate

The Privacy Sandbox Beta will be available for ad tech and app developers who wish to test the ads-related APIs as part of their solutions.

During the initial rollout stages, enrolled developers will also need to join the early testers program. This program will allow developers to test the APIs on a limited number of their own Android 13 devices for internal apps and requested published apps.

For the SDK Runtime, we’ll have a closed beta for developers to test Runtime-enabled SDK distribution to select apps. Because of the coordination required to test the SDK Runtime on production devices, we expect this beta to involve a limited number of partners who can dedicate resources to support this testing. If you’re interested in participating, please register your interest.

To utilize the Beta release, developers will need to compile their solutions with an API level 33 SDK extension update that is coming soon.


Advice For Advertisers & Publishers

We’ve heard from many advertisers and publishers about the role they can play in testing these new technologies. For companies that rely on third party solutions for ad serving or ad measurement, we recommend working with your providers to understand their testing roadmaps and how you can participate in early testing of Privacy Sandbox.

We want to thank everyone who has engaged on the Android Privacy Sandbox, and look forward to continued feedback as we enter this next phase of testing."

How Hash-Based Safe Browsing Works in Google Chrome

By Rohit Bhatia, Mollie Bates, Google Chrome Security

There are various threats a user faces when browsing the web. Users may be tricked into sharing sensitive information like their passwords with a misleading or fake website, also called phishing. They may also be led into installing malicious software on their machines, called malware, which can collect personal data and also hold it for ransom. Google Chrome, henceforth called Chrome, enables its users to protect themselves from such threats on the internet. When Chrome users browse the web with Safe Browsing protections, Chrome uses the Safe Browsing service from Google to identify and ward off various threats.

Safe Browsing works in different ways depending on the user's preferences. In the most common case, Chrome uses the privacy-conscious Update API (Application Programming Interface) from the Safe Browsing service. This API was developed with user privacy in mind and ensures Google gets as little information about the user's browsing history as possible. If the user has opted-in to "Enhanced Protection" (covered in an earlier post) or "Make Searches and Browsing Better", Chrome shares limited additional data with Safe Browsing only to further improve user protection.

This post describes how Chrome implements the Update API, with appropriate pointers to the technical implementation and details about the privacy-conscious aspects of the Update API. This should be useful for users to understand how Safe Browsing protects them, and for interested developers to browse through and understand the implementation. We will cover the APIs used for Enhanced Protection users in a future post.

Threats on the Internet

When a user navigates to a webpage on the internet, their browser fetches objects hosted on the internet. These objects include the structure of the webpage (HTML), the styling (CSS), dynamic behavior in the browser (Javascript), images, downloads initiated by the navigation, and other webpages embedded in the main webpage. These objects, also called resources, have a web address which is called their URL (Uniform Resource Locator). Further, URLs may redirect to other URLs when being loaded. Each of these URLs can potentially host threats such as phishing websites, malware, unwanted downloads, malicious software, unfair billing practices, and more. Chrome with Safe Browsing checks all URLs, redirects or included resources, to identify such threats and protect users.

Safe Browsing Lists

Safe Browsing provides a list for each threat it protects users against on the internet. A full catalog of lists that are used in Chrome can be found by visiting chrome://safe-browsing/#tab-db-manager on desktop platforms.

A list does not contain unsafe web addresses, also referred to as URLs, in entirety; it would be prohibitively expensive to keep all of them in a device’s limited memory. Instead it maps a URL, which can be very long, through a cryptographic hash function (SHA-256), to a unique fixed size string. This distinct fixed size string, called a hash, allows a list to be stored efficiently in limited memory. The Update API handles URLs only in the form of hashes and is also called hash-based API in this post.

Further, a list does not store hashes in entirety either, as even that would be too memory intensive. Instead, barring a case where data is not shared with Google and the list is small, it contains prefixes of the hashes. We refer to the original hash as a full hash, and a hash prefix as a partial hash.

A list is updated following the Update API’s request frequency section. Chrome also follows a back-off mode in case of an unsuccessful response. These updates happen roughly every 30 minutes, following the minimum wait duration set by the server in the list update response.

For those interested in browsing relevant source code, here’s where to look:

Source Code

  1. GetListInfos() contains all the lists, along with their associated threat types, the platforms they are used on, and their file names on disk.
  2. HashPrefixMap shows how the lists are stored and maintained. They are grouped by the size of prefixes, and appended together to allow quick binary search based lookups.

How is hash-based URL lookup done

As an example of a Safe Browsing list, let's say that we have one for malware, containing partial hashes of URLs known to host malware. These partial hashes are generally 4 bytes long, but for illustrative purposes, we show only 2 bytes. 

['036b', '1a02', 'bac8', 'bb90']

Whenever Chrome needs to check the reputation of a resource with the Update API, for example when navigating to a URL, it does not share the raw URL (or any piece of it) with Safe Browsing to perform the lookup. Instead, Chrome uses full hashes of the URL (and some combinations) to look up the partial hashes in the locally maintained Safe Browsing list. Chrome sends only these matched partial hashes to the Safe Browsing service. This ensures that Chrome provides these protections while respecting the user’s privacy. This hash-based lookup happens in three steps in Chrome:

Step 1: Generate URL Combinations and Full Hashes

When Google blocks URLs that host potentially unsafe resources by placing them on a Safe Browsing list, the malicious actor can host the resource on a different URL. A malicious actor can cycle through various subdomains to generate new URLs. Safe Browsing uses host suffixes to identify malicious domains that host malware in their subdomains. Similarly, malicious actors can also cycle through various subpaths to generate new URLs. So Safe Browsing also uses path prefixes to identify websites that host malware at various subpaths. This prevents malicious actors from cycling through subdomains or paths for new malicious URLs, allowing robust and efficient identification of threats.

To incorporate these host suffixes and path prefixes, Chrome first computes the full hashes of the URL and some patterns derived from the URL. Following Safe Browsing API's URLs and Hashing specification, Chrome computes the full hashes of URL combinations by following these steps:

  1. First, Chrome converts the URL into a canonical format, as defined in the specification.
  2. Then, Chrome generates up to 5 host suffixes/variants for the URL.
  3. Then, Chrome generates up to 6 path prefixes/variants for the URL.
  4. Then, for the combined 30 host suffixes and path prefixes combinations, Chrome generates the full hash for each combination.

Source Code

  1. V4LocalDatabaseManager::CheckBrowseURL is an example which performs a hash-based lookup.
  2. V4ProtocolManagerUtil::UrlToFullHashes creates the various URL combinations for a URL, and computes their full hashes.

Example

For instance, let's say that a user is trying to visit https://evil.example.com/blah#frag. The canonical url is https://evil.example.com/blah. The host suffixes to be tried are evil.example.com, and example.com. The path prefixes are / and /blah. The four combined URL combinations are evil.example.com/, evil.example.com/blah, example.com/, and example.com/blah. 

url_combinations = ["evil.example.com/", "evil.example.com/blah","example.com/", "example.com/blah"]
full_hashes = ['1a02…28', 'bb90…9f', '7a9e…67', 'bac8…fa']

Step 2: Search Partial Hashes in Local Lists

Chrome then checks the full hashes of the URL combinations against the locally maintained Safe Browsing lists. These lists, which contain partial hashes, do not provide a decisive malicious verdict, but can quickly identify if the URL is considered not malicious. If the full hash of the URL does not match any of the partial hashes from the local lists, the URL is considered safe and Chrome proceeds to load it. This happens for more than 99% of the URLs checked.

Source Code

  1. V4LocalDatabaseManager::GetPrefixMatches gets the matching partial hashes for the full hashes of the URL and its combinations.

Example

Chrome finds that three full hashes 1a02…28, bb90…9f, and bac8…fa match local partial hashes. We note that this is for demonstration purposes, and a match here is rare.

Step 3: Fetch Matching Full Hashes

Next, Chrome sends only the matching partial hash (not the full URL or any particular part of the URL, or even their full hashes), to the Safe Browsing service's fullHashes.find method. In response, it receives the full hashes of all malicious URLs for which the full hash begins with one of the partial hashes sent by Chrome. Chrome checks the fetched full hashes with the generated full hashes of the URL combinations. If any match is found, it identifies the URL with various threats and their severities inferred from the matched full hashes.

Source Code

  1. V4GetHashProtocolManager::GetFullHashes performs the lookup for the full hashes for the matched partial hashes.

Example

Chrome sends the matched partial hashes 1a02, bb90, and bac8 to fetch the full hashes. The server returns full hashes that match these partial hashes, 1a02…28, bb90…ce, and bac8…01. Chrome finds that one of the full hashes matches with the full hash of the URL combination being checked, and identifies the malicious URL as hosting malware.

Conclusion

Safe Browsing protects Chrome users from various malicious threats on the internet. While providing these protections, Chrome faces challenges such as constraints in memory capacity, network bandwidth usage, and a dynamic threat landscape. Chrome is also mindful of the users’ privacy choices, and shares little data with Google.

In a follow up post, we will cover the more advanced protections Chrome provides to its users who have opted in to “Enhanced Protection”.

Privacy Sandbox Developer Preview 3: Support for conversion measurement, custom audiences, and ad selection

Posted by Fred Chung, Android Developer Relations

Privacy Sandbox Developer Preview 3 

The Privacy Sandbox on Android aims to develop new solutions that preserve user privacy and enable effective, personalized advertising experiences for apps. Since our first developer preview, we've shared progress updates and continue to engage the industry on everything from the Developer Preview timeline, to Topics taxonomy, to SDK version management. We appreciate your feedback!

Today, we’re releasing Developer Preview 3, which includes APIs and developer resources for conversion measurement and remarketing use cases. In addition to the preview of SDK Runtime and Topics APIs released earlier, you can for the first time begin testing and evaluating impact on all key APIs for Privacy Sandbox on Android.


Event-Level and Aggregate Attribution Reporting APIs

These APIs allow developers to measure when an ad click or view event leads to a conversion, such as the download of a new game. They support key use cases for attribution across apps and the web, and improve user privacy by removing reliance on cross-party user identifiers.

This release includes a developer guide and sample apps to help you understand client- and server-side set up and interactions for key parts of the attribution reporting workflow, including:

  • Registering attribution source and trigger events.
  • Receiving event reports and unencrypted aggregatable reports.

    • (Note that aggregatable report encryption is not yet implemented. See the release notes for details.)

To help facilitate testing, the release also supports ADB commands to override reporting time windows. Refer to the API reference to learn more about the Android client APIs.


Custom Audience and Ad Selection APIs

Part of FLEDGE for Android, these APIs provide the building blocks to serve customized ads to users based on previous app engagement, without third-party data sharing. You’ll be able to:

  • Manage Custom Audience membership and observe how its parameter values may affect auction outcomes
  • Fetch JavaScript auction code from remote endpoints
  • Configure and initiate on-device ad auctions
  • Handle impression reporting

To learn more, refer to the Custom Audience and Ad Selection API reference pages, as well as the release notes.


Other key features

If you’re just starting to explore the Developer Preview, please also review the supported features described in the SDK Runtime and Topics API developer guides.

If you need a refresher on key technologies for the Privacy Sandbox on Android, we recommend watching this overview video and reviewing the design proposals.

Get started with the Developer Preview

Today’s Developer Preview release provides the resources you need to begin early testing of features and share feedback. To get started developing, see instructions to set up the SDK and system images on the emulator or supported Pixel devices.

For more information on the Privacy Sandbox on Android Developer Preview, visit the developer site and sign up for our newsletter to receive regular updates.

Android 13 Beta 3 and Platform Stability

Posted by Dave Burke, VP of Engineering

Android13 Logo

Today we’re releasing the third Beta of Android 13, taking us into the final phase of our cycle where we’re focusing on polish and performance. With Android 13, we’ve built on our core themes of privacy and security, developer productivity, and tablet and large screen support.

There’s a lot to explore in Android 13, from privacy features like the new notification permission and photo picker, to productivity features like themed app icons and per-app language support, as well as modern standards like HDR video, Bluetooth LE Audio, and MIDI 2.0 over USB. We’ve also extended the newer updates we made in 12L, giving you better tools to take advantage of the 270+ million tablet and large screen devices in active use.

Beta 3 takes Android 13 to Platform Stability, which means that the developer APIs and all app-facing behaviors are now final. We’re thankful for all the feedback you’ve shared to help us get to this point! For developers, the focus is now on compatibility testing and quality as you prepare your apps for the official release later in the year!

You can get Beta 3 on your Pixel device by enrolling here for over-the-air updates. If you previously enrolled, you’ll automatically get today’s update. You can also try Android 13 Beta on select devices from several of our partners - learn more at android.com/beta. Read on for a quick look at how to get your app ready, and visit the Android 13 developer site for details.


Platform Stability

With Beta 3, Android 13 reaches Platform Stability, a milestone that means all app-facing behaviors and APIs, including the official API Level 33 SDK and NDK APIs, are now final. So from Beta 3, you can confidently develop and release your compatibility updates knowing that the platform won’t change.

Platform stability timeline with stable at the June mark

We’re asking all app and game developers to start your final compatibility testing now and prepare to publish your compatibility updates as soon as possible ahead of the final release.

For all SDK, library, tools, and game engine developers, it’s even more important to start testing now and release your compatible updates as soon as possible -- your downstream app and game developers may be blocked until they receive your updates. So when you’ve released a compatible update, be vocal and let your developers know!


App compatibility

App compatibility means that your app runs as intended on a new version of the platform. With each release, we make integral changes to the platform that improve privacy and security and the overall user experience across the OS. These can affect your apps, so it’s important to test your app now, make any updates needed, and publish a compatible update to your users ahead of the final release. It’s a basic but critical level of quality that your users will appreciate as they explore what’s new in Android 13.

To test your app for compatibility, just install your production app from Google Play or other source onto a device running Android 13 Beta 3. Work through all of the app’s flows and watch for functional or UI issues. Review the behavior changes to focus your testing. Here are some changes to watch for:

  • Runtime permission for notifications - Android 13 introduces a new runtime permission for sending notifications from an app. Make sure you understand how the new permission works, and plan on targeting Android 13 (API 33) as soon as possible. More here.
  • Clipboard preview - Make sure your app hides sensitive data in Android 13’s new clipboard preview, such as passwords or credit card information. More here.
  • JobScheduler prefetch - JobScheduler now tries to anticipate the next time your app will be launched and will run any associated prefetch jobs ahead of that time. If you use prefetch jobs, test that they are working as expected. More here.

Also remember to test the libraries and SDKs in your app for compatibility. If you find any issues, try updating to the latest version of the library or SDK or reaching out to the developer for help.

Once you’ve published the compatible version of your current app, you can start the process to update your app's targetSdkVersion. Review the behavior changes for apps targeting Android 13 and use the compatibility framework to help you detect issues quickly. Here are some of the changes to test for (these apply only to apps with targetSdkVersion set to API 33 or higher):

  • Nearby device permission for Wi-Fi - Apps that manage a device's connections to nearby access points should use a new NEARBY_WIFI_DEVICES runtime permission for Wi-Fi operations like scanning, without needing access to device location. Some Wi-Fi APIs require your app to have this new permission. More here.
  • Granular media permissions - If your app targets Android 13 and reads media files from common data storage, you must request one or more of the new granular permissions instead of the READ_EXTERNAL_STORAGE permission. More here.
  • Permission changes for body sensors - Android 13 introduces "while in use" access for body sensors. If your app needs to access body sensor information from the background, it must declare a new BODY_SENSORS_BACKGROUND permission. More here.
  • Intent filters block non-matching intents - If your app sends an intent to an exported component of another app targeting Android 13 (API 33) or higher, it now needs to match an intent filter in the receiving app. More here.
  • Media controls derived from PlaybackState - Android 13 derives more media controls from PlaybackState actions, to show a richer set of controls that are consistent across device types. Make sure your app handles these changes. More here

Tablets and large-screens support

Android 13 builds on the tablet optimizations introduced in 12L, so as part of your testing, make sure your apps look their best on tablets and other large-screen devices. You can test with the large screens features by setting up an Android emulator in Android Studio, or you can use a large screen device from our Android 13 Beta partners. Here are some areas to watch for:

  • Taskbar interaction - Check how your app responds when viewed with the new taskbar on large screens. Make sure your app's UI isn't cut off or blocked by the taskbar. More here.
  • Multi-window mode - Multi-window mode is now enabled by default for all apps, regardless of app configuration, so make sure the app handles split-screen appropriately. You can test by dragging and dropping your app into split-screen mode and adjusting the window size. More here.
  • Improved compatibility experience - if your app isn’t optimized for tablets yet, such as using a fixed orientation or not being resizable, check how your app responds to compatibility mode adjustments such as letterboxing. More here.
  • Media projection - If your app uses media projection, check how your app responds while playing back, streaming, or casting media on large screens. Be sure to account for device posture changes on foldable devices as well. More here.
  • Camera preview - For camera apps, check how your camera preview UI responds on large screens when your app is constrained to a portion of the screen in multi-window or split-screen mode. Also check how your app responds when a foldable device's posture changes. More here.

You can read more about the tablet features in Android 13 and what to test here.


Get started with Android 13!

Today’s Beta release has everything you need to test your app and try the Android 13 features. Just enroll your Pixel device to get the update over-the-air. To get started, set up the Android 13 SDK.

You can also test your app with Android 13 Beta on devices from several of our partners. Visit android.com/beta to see the full list of partners, with links to their sites for details on their supported devices and Beta builds, starting with Beta 1. Each partner will handle their own enrollments and support, and provide the Beta updates to you directly. For even broader testing, you can try Android 13 Beta 3 on Android GSI images, and if you don’t have a device, you can test on the Android Emulator.

For complete details on Android 13, visit the Android 13 developer site.

Progress on initiatives to keeping Google Play safe

Posted by Krish Vitaldevara Director, Product Management, Play and Android Trust & Safety

Google Play Privacy 

We want to keep you updated on the privacy and security initiatives we shared earlier this year, so you can plan ahead and use new tools to safely build your business. In the past few months, we launched:

  • Google Play SDK Index to help you evaluate an SDK’s reliability and safety and make informed decisions about whether an SDK is right for your business and your users. See insights and usage data on over 100 of the most widely used commercial SDKs on Google Play.
  • The Data safety section on Google Play, helping users better understand your apps’ data safety practices. Developers have told us that this new feature helps them explain privacy practices with their users and build trust. If you haven't yet, complete your Data safety form by July 20th.
  • Enhancements to app integrity tools like Play App Signing to securely sign millions of apps on Google Play and help ensure that app updates can be trusted. Use Play App Signing to help protect your app signing key from loss or compromise with Google's secure key management service.
  • Play Integrity API to help protect your app, your IP, and your users from piracy and malicious activity. Use this API to help detect fraudulent and risky interactions, such as traffic from modified or pirated app versions and rooted or compromised devices.
  • And a new Target API Level policy to strengthen user security by protecting users from installing apps that may not have the expected privacy and security features.

What’s coming up

  • As part of our work with the industry to build more private advertising solutions, we’ve launched initial developer previews for Privacy Sandbox on Android. We have more developer previews coming soon and a beta later this year.
  • We continue to help developers update their apps before policy enforcement actions are taken. We’ve extended time to make changes, improved clarity of responses, and added new training materials. Recent tests of advanced Play Console warnings have also shown solid results. As we refine these features, we’ll expand them to more developers this year.

Thank you for your partnership in making Google Play a safe and trustworthy platform for everyone.

3 things to know about Android Privacy, Platform & Security from Google I/O’22

Posted by Dan Galpin, Developer Relations Engineer

Blue security symbols 

Amidst the whirlwind of content at Google I/O, we shared huge announcements involving privacy, security, and the Android platform. Read on for the details, and don’t forget to watch the topic playlist on YouTube.


#1: Privacy Sandbox on Android

We recently released the first Privacy Sandbox on Android Developer Preview, so you can get an early look at the SDK Runtime and Topics API. This provides a path for new advertising solutions that improve user privacy without putting access to free content and services at risk.

You can conduct preliminary testing of these new technologies, evaluate how you might adopt them for your solutions, and share feedback with us. Learn more in the “Overview of the Privacy Sandbox in Android” session.


#2: Google Play SDK Index

The new Google Play SDK index is a public portal that lists over 100 of the most widely used commercial SDKs. It contains information like which app permissions the SDK requests, statistics on the apps that use them, and which version of the SDK is most popular, so you can evaluate if an SDK is right for your business and your users. Android Studio Electric Eel allows you to view dependency insights from Google Play SDK Index; if a specific version of a library has been marked as 'outdated' by its author, a corresponding Lint warning appears when viewing that dependency definition. Learn more on our blog post and watch the “What’s new in Google Play” and “What’s new in Android development tools” sessions.


#3: Android 13!

The second Beta of Android 13 is now available. You can enhance your app with Android 13 features like app-specific language support and themed app icons, while the "Basics for System Back" talk covers the new Android 13 opt-in API that lets you tell the system that you’re handling back ahead of time to make the back experience more predictable and fluid.

The "Developing Privacy User-centric Apps" session will help you get your apps ready for the latest features for privacy and security, like the new notification permission, the privacy-protecting photo picker, and improved permissions for pairing with nearby devices and accessing media files.

The "What's new in Android Media" talk will help you build with modern standards like HDR video and Bluetooth LE Audio, while the "What's New in Android Camera" talk provides a … snapshot … of what we’re doing in CameraX, such as support for video capture and WYSIWYG camera controls.

You can get started by enrolling your Pixel device here. The Android 13 Beta is now available to test on a range of devices from Asus, Lenovo, Nokia, OnePlus, Oppo, Realme, Sharp, TECNO, Vivo, Xiaomi, and ZTE - visit developer.android.com/13 to learn more.

This is just a fraction of what we're doing to improve the Android platform, user privacy, and security. Head on over to the playlist to learn more.

The first developer preview of Privacy Sandbox on Android

Posted by Fred Chung, Android Developer Relations

Blue graphic with privacy icons such as an eye, a lock, and cursor 

We recently announced the Privacy Sandbox on Android to enable new advertising solutions that improve user privacy, and provide developers and businesses with the tools to succeed on mobile. Since the announcement, we've heard from developers across the ecosystem on our initial design proposals. Your feedback is critical to ensure we build solutions that work for everyone, so please continue to share it through the Android developer site.

Today, we're releasing the first developer preview for the Privacy Sandbox on Android, which provides an early look at the SDK Runtime and Topics API. You'll be able to do preliminary testing of these new technologies and evaluate how you might adopt them for your solutions. This is a preview, so some features may not be implemented just yet, and functionality is subject to change. See the release notes for more details on what's included in the release.


What’s in the Developer Preview?

The Privacy Sandbox Developer Preview provides additional platform APIs and services on top of the Android 13 Developer Beta release, including an SDK, system images, emulator, and developer documentation. Specifically, you'll have access to the following:

  • Android SDK and 64-bit Android Emulator system images that include the Privacy Sandbox APIs. See the setup guide.
  • Device system images for Pixel 6 Pro, Pixel 6, Pixel 5a (5G), Pixel 5, Pixel 4, and Pixel 4a. This preview release is for developers only and not intended for daily or consumer use, so we're making it available by manual download only.
  • Developer guides for the SDK Runtime and Topics API.
  • Sample code that demonstrates the implementation of runtime-enabled SDKs and usage of the Topics API, available on GitHub.
  • Privacy Sandbox API reference.

Things you can try

When your development environment is set up, consider taking the following actions:

  • Familiarize yourselves with the technical proposals on the SDK Runtime, Topics, Attribution Reporting, and FLEDGE on Android.
  • Topics API: Invoke the API and retrieve test values, representing a user's coarse-grained interests. See the documentation for detail.
  • SDK Runtime: Build and install a runtime-enabled SDK on a test device or emulator. Create a test app to load the SDK in the runtime and request the SDK to remotely render a WebView-based ad in the app. See the documentation for detail.
  • Review and run the sample apps.
  • For details on capabilities and known limitations in this Developer Preview release, check out the release notes.

Over the coming months, we'll be releasing updates to the Developer Preview including early looks at the Attribution Reporting and FLEDGE APIs. For more information, please visit the Privacy Sandbox developer site. You can also share your feedback or questions, review progress updates so far, and sign up to receive email updates.

Happy testing!