Schlagwort: Safety&Security

  • 6 ways Google Play helps keep you safe6 ways Google Play helps keep you safeVice President, Product, Trust & Growth

    6 ways Google Play helps keep you safe6 ways Google Play helps keep you safeVice President, Product, Trust & Growth

    Reading Time: < 1 minute

    3. Secure payments and purchase verification

    Google Play’s billing system ensures you can safely purchase digital products and subscriptions. Your payment information stays between you and Google — it’s securely stored and isn’t shared with app developers. For an extra level of security, you can also require purchase verification, providing authentication with password or biometrics any time that you make a purchase on Google Play.

    4. Trusted tools for kids and families

    We partner with app businesses and parents to help keep kids and teens safe online while empowering families. If children are the target audience for an app, there are additional Play requirements that the app must meet concerning its content and handling of personal information. And, with our parental controls, parents can choose to restrict age-inappropriate experiences and content from being downloaded or purchased.

    5. Control over your Play data

    You have transparency and control when it comes to what Play data is used to shape your store results and recommendations. For example, you can tell Play not to use data associated with a particular app for personalization within the Play store.

  • Google’s legislative proposal for keeping kids safe onlineGoogle’s legislative proposal for keeping kids safe onlineDirector

    Google’s legislative proposal for keeping kids safe onlineGoogle’s legislative proposal for keeping kids safe onlineDirector

    Reading Time: 3 minutes

    Everyone wants to protect kids and teens online, and make sure they engage with age-appropriate content, but how it’s done matters. There are a variety of fast-moving legislative proposals being pushed by Meta and other companies in an effort to offload their own responsibilities to keep kids safe to app stores. These proposals introduce new risks to the privacy of minors, without actually addressing the harms that are inspiring lawmakers to act. Google is proposing a more comprehensive legislative framework that shares responsibility between app stores and developers, and protects children’s privacy and the decision rights of parents.

    Where current legislative proposals fall short

    One example of concerning legislation is Utah’s App Store Accountability Act. The bill requires app stores to share if a user is a kid or teenager with all app developers (effectively millions of individual companies) without parental consent or rules on how the information is used. That raises real privacy and safety risks, like the potential for bad actors to sell the data or use it for other nefarious purposes.

    This level of data sharing isn’t necessary — a weather app doesn’t need to know if a user is a kid. By contrast, a social media app does need to make significant decisions about age-appropriate content and features. As written, however, the bill helps social media companies avoid that responsibility despite the fact that apps are just one of many ways that kids can access these platforms. And by requiring app stores to obtain parental consent for every single app download, it dictates how parents supervise their kids and potentially cuts teens off from digital services like educational or navigation apps.

    A legislative framework that better protects kids

    By contrast, we are focused on solutions that require appropriate user consent and minimize data exposure. Our legislative framework, which we’ll share with lawmakers as we continue to engage on this issue, has app stores securely provide industry standard age assurances only to developers who actually need them — and ensures that information is used responsibly. Here are more details:

    • Privacy-preserving age signal shared only with consent: Some legislation, including the Utah bill, require app stores to send age information to all developers without permission from the user or their parents. In our proposal, only developers who create apps that may be risky for minors would request industry standard age signals from app stores, and the information is only shared with permission from a user (or their parent). By just sharing with developers who need the information to deliver age-appropriate experiences, and only sharing the minimum amount of data needed to provide an age signal, it reduces the risk of sensitive information being shared broadly.
    • Appropriate safety measures within apps: Under our proposal, an age signal helps a developer understand whether a user is an adult or a minor — the developer is then responsible for applying the appropriate safety and privacy protections. For example, an app developer might filter out certain types of content, introduce take a break reminders, or offer different privacy settings when they know a user might be a minor. Because developers know their apps best, they are best positioned to determine when and where an age-gate might be beneficial to their users, and that may evolve over time, which is another reason why a one-size-fits-all approach won’t adequately protect kids.
    • Responsible use of age signals: Some legislative proposals create new child safety risks because they establish no guardrails against developers misusing an age signal. Our proposal helps to ensure that any age signals are used responsibly, with clear consequences for developers who violate users’ trust. For example, it protects against a developer improperly accessing or sharing the age signal.
    • No ads personalization to minors: Alongside any age assurance proposal, we support banning personalized advertisements targeting users under 18 as an industry standard. At Google, this is a practice we’ve long disallowed. It’s time for other companies to follow suit.
    • Centralized parental controls: Recognizing that parents sometimes feel overwhelmed by parental controls across different apps, our proposal would provide for a centralized dashboard for parents to manage their children’s online activities across different apps in one place and for developers to easily integrate with.

    Google has demonstrated our commitment to doing our part to keep kids safe online. We’re ready to build on this work and will continue engaging with lawmakers and developers on how to move this legislative framework for age assurance forward.

  • Here’s how we’re helping developers build safer Android apps more efficientlyHere’s how we’re helping developers build safer Android apps more efficiently

    Here’s how we’re helping developers build safer Android apps more efficientlyHere’s how we’re helping developers build safer Android apps more efficiently

    Reading Time: < 1 minute

    On the Android Developers Blog, we’re sharing how we’re making it easier than ever for developers to build safe apps, while also continuing to strengthen our ecosystem’s protection in 2025 and beyond. Here are just a few highlights:

    • We’re expanding Play Console’s pre-review checks to make it easier for developers to build safer apps, right from the start.
    • We’re offering more policy support for developers and adding new features to help teams deal with emerging threats.
    • We’re making it harder for malicious actors to trick users into downloading harmful apps from Internet-sideloaded sources.

    You can read more on the Android Developers Blog.

    Website: LINK

  • We’re sharing how we kept Google Play safe from bad apps in 2024.We’re sharing how we kept Google Play safe from bad apps in 2024.

    We’re sharing how we kept Google Play safe from bad apps in 2024.We’re sharing how we kept Google Play safe from bad apps in 2024.

    Reading Time: < 1 minute

    In 2024, we continued to invest in more ways to protect our community and fight bad actors, so billions of people can trust the apps they download from Google Play and millions of developers can build thriving businesses.

    AI-powered threat detection, stronger privacy policies, enhanced tools for app developers and more have enabled us to stop more bad apps than ever from reaching users through the Play Store, protecting people from harmful or malicious apps before they can cause any damage.

    To learn more about how we’re helping keep Android users safe on Google Play and beyond, read the Google Security Blog.

  • New features in Android to help you stay safe from unwanted Bluetooth trackingNew features in Android to help you stay safe from unwanted Bluetooth tracking

    New features in Android to help you stay safe from unwanted Bluetooth trackingNew features in Android to help you stay safe from unwanted Bluetooth tracking

    Reading Time: < 1 minute

    Android’s unknown tracker alerts automatically notify you if an unfamiliar Bluetooth tracker is moving with you to help you take action to protect yourself.

    As part of our ongoing commitment to safety, we’ve made technology improvements to bring you alerts faster and more often. We’re also rolling out two new features for Find My Device compatible tags:

    • Temporarily Pause Location: You can now temporarily pause location updates from your phone to prevent your device’s location from being used by a detected unknown tag for up to 24 hours. This provides an extra layer of privacy and control, allowing you to take a first action quickly while you locate and physically disable the tag.
    • Find Nearby: If you receive an unknown tracker alert, you can now use the „Find Nearby“ feature to pinpoint the tag’s location. Your Android device will guide you to the tag, to help you find it if it’s hidden.

    Your safety is our priority, so we’re continuously improving unknown tracker alerts to help you stay ahead of unwanted tracking. Learn more about these new features in our help center.

    Website: LINK

  • 6 cybersecurity mistakes people make — and what to do instead6 cybersecurity mistakes people make — and what to do instead

    6 cybersecurity mistakes people make — and what to do instead6 cybersecurity mistakes people make — and what to do instead

    Reading Time: 5 minutes

    From sending emails to scrolling through social media, our lives are very much online. Every click, login, and piece of information we share builds our digital footprint, one that requires constant protection from online threats like scams and malware. Implementing best practices to stay safe online can feel overwhelming, but don’t worry — we’re here to help!

    We asked two of our experts to walk us through the all-too-common cybersecurity mistakes people make online, and what to do instead. Read on to learn more about which habits you should drop for good, and how to start this year with a safer, more secure online life.

    Mistake #1: Using the same password everywhere

    Reusing passwords is one of the most common cybersecurity habits we all should drop, says Sriram Karra, senior product manager of sign-in security. This seemingly innocuous habit can create a dangerous domino effect. For example, say you use your Gmail password on another platform and that platform suffers a breach — then, your Google Account also becomes vulnerable. „No matter how strong our online security is, a breach of a third-party website can compromise your Google Account if you’re reusing passwords,“ Sriram says.

    What to do instead: Never reuse passwords; instead, use Google Password Manager to make it easier to generate and keep track of unique sign-in credentials. In addition, „pay special attention to picking a strong and unique password for your Google account, because if that Google account gets compromised you can also lose access to other accounts,“ Sriram says. “Many websites send password reset links to your registered email. This means if someone gains access to your Gmail, they could easily take over your other accounts by resetting their passwords.”

    You can also add passkeys to your Google account, which will allow you a safe and simple way to sign into your account using your device’s biometrics or PIN. And as other services add passkey support, start using them for a convenient and password-free sign-in experience.

    Mistake #2: Neglecting software updates

    It might be tempting to ignore those annoying software update reminders, but our experts caution against it. “Allowing regular software updates is actually the second-most crucial security practice after using a password manager,” says Christiaan Brand, group product manager of identity. These updates often contain vital security patches that fix vulnerabilities attackers exploit. Delaying them leaves your devices, data, and privacy at risk.

    Plus, if you procrastinate on updating, many software updates have a way of forcing themselves eventually, often at inconvenient times. This can disrupt your workflow or downtime, and sometimes even lead to application crashes or temporary loss of functionality.

    What to do instead: Prioritizing timely software updates is essential for maintaining a healthy and secure digital life. Regularly update your devices‘ software, ensuring you benefit from the latest security patches and protections. Platforms like Android and ChromeOS provide most system and security updates automatically to ensure your devices stay up-to-date against emerging threats, providing a proactive defense mechanism without you having to do anything.

    Mistake #3: Overlooking 2-Step Verification

    Another crucial online security mistake is neglecting to turn on 2-Step Verification, a security feature that adds a step during sign-in to help prevent someone from accessing your account unless you allow it. „Adding a second step of verification can cut down many kinds of attacks, including 100% of automated bot attacks,“ Sriram says. Yet, users often ignore setting up this simple and effective feature.

    What to do instead: Turn on 2-Step Verification by following these instructions for your Google Account. Once it is on, 2-Step Verification sends prompts to your phone to allow log-in attempts. It adds an extra layer of protection, making unauthorized access to your account a significantly more challenging feat. It’s like having a second lock on your digital door — a small inconvenience for a significant boost in security.

    If you are at a higher risk due to your profession, online presence, or personal circumstances, you can opt into our Advanced Protection Program.

    Mistake #4: Not setting a screen lock PIN on your mobile device

    „It might seem like a hassle, but configuring a screen lock on your device, even if it seems unnecessary, is crucial for protecting your data,“ Christiaan says. This simple step safeguards your information from unauthorized access and accidental triggers, bringing peace of mind and reinforcing good security habits.

    Not all screen lock PINs are created equal, however; Sriram says to avoid using weak PINs with easily identifiable patterns like 1234. „These methods may seem convenient, but they pose a significant security risk if your phone falls into the wrong hands,“ he says.

    What to do instead: Choose a strong screen lock option, like a complex password or biometric authentication, which uses fingerprint or facial recognition — Google Pixel phones, for example, offer convenient and secure biometric options. If you lose or misplace your phone, Google’s Find My Device tool helps you locate and secure it. And even in trusted locations like your home or office, you can choose when and how long your phone stays unlocked.

    Mistake #5: Clicking on suspicious links

    Cybercriminals often disguise malicious links as legitimate ones, making it difficult to discern truth from deception. „It’s hard to advise never clicking on things or only clicking on links from trusted senders,“ Christiaan acknowledges, because in today’s digital landscape, malicious links can come in the form of legitimate-looking emails and seemingly harmless posts on social media. But if you’re not careful, all of these can be a gateway to malware and data theft.

    What to do instead: Stay vigilant; be wary of any links you click on, even ones that look legitimate. For an extra layer of protection, make sure to enable Google Enhanced Safe Browsing, which identifies and warns against a list of known phishing and malware sites that is updated in real-time. By leveraging this tool, you actively shield yourself from threats that could compromise your security. It’s like having a personal online security guard keeping an eye out for you while you browse.

    Mistake #6 Not having a password recovery plan

    Forgetting your password or misplacing your phone — a crucial part of a two-factor authentication system — can happen to anyone. „These are normal occurrences, and we have robust automated Account Recovery to deal with them,“ Sriram assures us. But if you haven’t set up a recovery plan before they happen, you can be caught stranded without access to your account for a long time.

    What to do instead: Create a recovery plan before you need it, so when the time comes you won’t be locked out of your account. You can add a recovery email address or phone number so Google can contact you if you get locked out of an account. Be sure to set up your account with sufficient verification information to make sure it is up to date for a smoother recovery process. Like a spare key, Google’s account recovery options give you the tools to regain access, even if you lose your password or device.

    By following our experts’ advice and using Google’s powerful tools, you can build a strong digital defense and navigate the ever-changing digital landscape with confidence.

    Website: LINK

  • Read this year’s Android Security Paper for the latest on mobile protectionsRead this year’s Android Security Paper for the latest on mobile protectionsDirector

    Read this year’s Android Security Paper for the latest on mobile protectionsRead this year’s Android Security Paper for the latest on mobile protectionsDirector

    Reading Time: < 1 minute

    The world is facing a growing number of cybersecurity challenges, and the cost of cybercrime for organizations can range from tens of thousands of dollars to multiple millions. In fact, a recent FBI report shared that more than 800,000 cybercrime-related complaints were filed in 2022, with losses totaling over $10 billion.

    Mobile devices are popular targets for cybercriminals, so it’s essential to put strong mobile security measures in place. Collaboration is also critical to improving mobile security. Developers, device manufacturers, security researchers, vendors, academics and the wider Android community constantly work together to discover and mitigate platform vulnerabilities as part of the Android Open Source Project.

    To share and document the latest Android security capabilities, we’ve published an update to the Android Security Paper. The paper provides a comprehensive overview of the platform’s built-in, proactive security across hardware, anti-exploitation, Google Security Services and the range of management APIs available for businesses and governments alike.

    Website: LINK

  • Protect your business with Zero Trust security on AndroidProtect your business with Zero Trust security on AndroidSenior Product Manager, Android EnterpriseDirector

    Protect your business with Zero Trust security on AndroidProtect your business with Zero Trust security on AndroidSenior Product Manager, Android EnterpriseDirector

    Reading Time: < 1 minute

    Zero Trust security is an increasingly important way for organizations to protect their data. As a quick refresher, this method requires device, user and network verification for access to corporate resources — and only the minimum access necessary. In a nutshell, trust is never implicit.

    Large enterprises, small businesses and government organizations are all evaluating and implementing Zero Trust. And this investment couldn’t come at a better time. In fact, United States Executive Order 14028 now requires government agencies and their suppliers to set up a Zero Trust architecture. With Android Enterprise, the 94% of organizations currently implementing a Zero Trust architecture can quickly expand it to their mobile devices.

    Android’s Zero Trust capabilities

    A Zero Trust approach requires analyzing device signals to understand a device’s security posture and the context of the access request. Android provides a wide range of signals that businesses can use to help establish trust. There are currently more than 100 unique device trust signals available across 30 APIs on Android devices.

    Website: LINK

  • Checks, Google’s AI-powered privacy platformChecks, Google’s AI-powered privacy platformCo-Founder & GM, ChecksCo-Founder & Legal Lead, Checks

    Checks, Google’s AI-powered privacy platformChecks, Google’s AI-powered privacy platformCo-Founder & GM, ChecksCo-Founder & Legal Lead, Checks

    Reading Time: < 1 minute

    Checks has experienced tremendous growth over the past year, helping global companies in the gaming, health, finance, education and retail sectors. With apps from current Checks customers representing over 3+ billion in collective downloads, the platform has already helped companies, like Miniclip, Rovio, Kongregate, Crayola and Yousician, navigate privacy compliance more efficiently.

    Checks has also partnered with the Entertainment Software Rating Board (ESRB) Privacy Certified team to accelerate and enhance their privacy and data compliance processes globally. This partnership helps ensure that ESRB Privacy Certified members are compliant with the latest privacy regulations and are providing their customers with the best possible experience.

    As the privacy landscape continues to evolve, Google recognizes the importance of continuing to provide tools that help our partners and our users. From our Safer with Google program to the newly announced Privacy Sandbox, Google is committed to helping developers build trust with their users. We strongly believe that privacy is for everyone and we are here to help make it easier for companies to protect the privacy of their users.

    If you are a company that is looking to simplify privacy compliance, please visit our website at checks.google.com to get started!

  • The Privacy Sandbox Beta is coming to AndroidThe Privacy Sandbox Beta is coming to AndroidVP, Privacy Sandbox at Google

    The Privacy Sandbox Beta is coming to AndroidThe Privacy Sandbox Beta is coming to AndroidVP, Privacy Sandbox at Google

    Reading Time: < 1 minute

    We’re entering the next phase of the Privacy Sandbox initiative, rolling out the first Beta for Android to eligible devices.We’re entering the next phase of the Privacy Sandbox initiative, rolling out the first Beta for Android to eligible devices.Website: LINK

  • How Android protects you from scams and phishing attacks …

    How Android protects you from scams and phishing attacks …

    Reading Time: 4 minutes

     

    Cybercriminals are targeting smartphones and tablets more than ever before. That’s because people are spending more time on their mobile devices, and they’re using them to send and store significant amounts of valuable data — like banking information, healthcare data and passwords. Cybercriminals are also targeting mobile devices because of their smaller screen sizes and frequent app and messaging notifications, which make it more difficult to verify if a sender is legitimate.

    These criminals are increasingly using phishing attacks, scams and malware to obtain sensitive financial information or account passwords. In fact, during the pandemic, phishing attacks grew by 600% and became the top infection method in 2021.

    Phishing attempts can come from a variety of sources like emails, text messages, voice calls and even third-party messaging apps. So it’s critical to have a layered security approach in place to defend from many angles. To help ensure we’re providing strong protection on Android, we hired a third-party security lab to evaluate our features and functionality that help protect you from scam and phishing attacks on your mobile devices. The report concluded that Android devices provide more features for scam and phishing protection than other mobile operating systems[15bb22].

    For Cybersecurity Awareness Month, let’s take a closer look at these features and ways you can further protect your devices.

    Avoid spam, scam and phishing attempts

    Attackers often use text messages since they’re an easy channel to reach people. Messages by Google uses machine learning models to help proactively detect 1.5 billion spam, phishing and scam messages every month. It looks for known patterns and either diverts bad messages into the spam folder or warns you if it notices something suspicious.

    A phone screen shows a “suspected spam” warning underneath a phone number, with the option to “report spam.”

    Messages by Google detects 1.5 billion spam, phishing and scams messages every month.

    Messages are analyzed with your privacy in mind, so they stay on your device and are never shared with anyone. You can, however, report a message to Google to help protect others. Gmail, the default email app on most Android phones, is also highly effective at flagging malicious messages, automatically blocking 99.9% of spam, phishing and malware.

    Attackers today aren’t just using text messages and emails to phish for data. We’ve seen a 5x increase in the number of attacks involving phone calls, where a criminal tries to impersonate your bank or IT department to get you to hand over your credentials. Phone by Google provides multiple security defenses to help protect against attacks like these — from built-in caller ID and spam protection to Call Screen.

    Get warned about bad links, downloads and apps

    Many phishing and scam attempts try to get you to visit a malicious page impersonating a legitimate-looking site to enter your credentials, steal your social security number or download malware. Safe Browsing on Android protects 3 billion devices globally and helps warn you about potentially risky sites, downloads and extensions. It offers broad protection throughout your Android experience — from browsing on Chrome and other browsers to connecting to the web through social media apps

    A red phone screen shows a warning for a website, which says “the site ahead contains malware.

    Safe Browsing helps defend you from dangerous websites and malicious files whether you’re on a browser or an app.

    Even if you download an app outside of Google Play, Google Play Protect checks the installation and can warn you about a harmful or malicious app. Play Protect also scans all the apps on your device every day for harmful ones, even if you’re offline.

    Get notified about your Google account

    On Android phones running version 7.0 and up, you can use the built-in security key for additional protection. When you or someone else tries to sign into your Google account, you’ll get a notification on your phone asking to confirm that it’s you.

    And it’s always good to regularly do a Security Checkup, which you can access right from your device settings. It’ll provide personalized security tips for your account, remind you to keep your passwords up to date, and share what devices you’re currently signed in on and what apps have access to your data.

    Learn more about how you and your data are safer with Google on Android devices.

    Read the latest on how Android protects people from phishing, scams and spam with multiple layers of security.

    Website: LINK

  • Get more information about your apps in Google PlayGet more information about your apps in Google PlayVice President, Product, Android Security and Privacy

    Get more information about your apps in Google PlayGet more information about your apps in Google PlayVice President, Product, Android Security and Privacy

    Reading Time: 2 minutes

    We work hard to keep Google Play a safe, trusted space for people to enjoy the latest Android apps. Today, we’re launching a new feature, the Data safety section, where developers will be required to give people more information about how apps collect, share and secure users’ data. Users will start seeing the Data safety section in Google Play today, and developers are required to complete this section for their apps by July 20th. As app developers update their functionality or change their data handling practices, they will show the latest in the apps’ Data safety section.

    A unified view of app safety in Google Play

    We heard from users and app developers that displaying the data an app collects, without additional context, is not enough. Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties. In addition, users want to understand how app developers are securing user data after an app is downloaded. That’s why we designed the Data safety section to allow developers to clearly mark what data is being collected and for what purpose it’s being used. Users can also see whether the app needs this data to function or if this data collection is optional.

    Here are the information developers can show in the Data safety section:

    • Whether the developer is collecting data and for what purpose.
    • Whether the developer is sharing data with third parties.
    • The app’s security practices, like encryption of data in transit and whether users can ask for data to be deleted.
    • Whether a qualifying app has committed to following Google Play’s Families Policy to better protect children in the Play store.
    • Whether the developer has validated their security practices against a global security standard (more specifically, the MASVS).
    Android phone showing the Data safety section of an app on Google Play

    Putting users in control, before and after you download

    Giving users more visibility into how apps collect, share and secure their data through the Data safety section is just one way we’re keeping the Android users and ecosystem safe.

    We’ve also worked hard to give users control of installed apps through simple permissions features. For example, when an app asks to access “your location”, users can quickly and easily decide whether they want to grant that permission – for one time use, only while using the app, or all the time. For sensitive permissions like camera, microphone, or location data, people can go to the Android Privacy dashboard to review data access by apps.

    Apps should help users explore the world, connect with loved ones, do work, learn something new, and more without compromising user safety. The new Data safety section, in addition to Google Play’s existing safety features, gives people the visibility and control they need to enjoy their apps.

    To learn more about Google Play’s Data safety section, check out this guide.

    We are launching Google Play’s Data safety section to put users in control, before and after the download.

    Website: LINK

  • Introducing the Privacy Sandbox on AndroidIntroducing the Privacy Sandbox on AndroidVP, Product Management, Android Security & Privacy

    Introducing the Privacy Sandbox on AndroidIntroducing the Privacy Sandbox on AndroidVP, Product Management, Android Security & Privacy

    Reading Time: 3 minutes

    Mobile apps are a core part of our everyday lives. Currently over 90% of the apps on Google Play are free, providing access to valuable content and services to billions of users. Digital advertising plays a key role in making this possible. But in order to ensure a healthy app ecosystem — benefiting users, developers and businesses — the industry must continue to evolve how digital advertising works to improve user privacy. That’s why we originally developed advertising ID to give users more control. Last year we introduced improvements to these controls, but we believe it’s important to go further.

    Today, we’re announcing a multi-year initiative to build the Privacy Sandbox on Android, with the goal of introducing new, more private advertising solutions. Specifically, these solutions will limit sharing of user data with third parties and operate without cross-app identifiers, including advertising ID. We’re also exploring technologies that reduce the potential for covert data collection, including safer ways for apps to integrate with advertising SDKs.

    The Privacy Sandbox on Android builds on our existing efforts on the web, providing a clear path forward to improve user privacy without putting access to free content and services at risk.

    Blunt approaches are proving ineffective

    ​​We realize that other platforms have taken a different approach to ads privacy, bluntly restricting existing technologies used by developers and advertisers. We believe that — without first providing a privacy-preserving alternative path — such approaches can be ineffective and lead to worse outcomes for user privacy and developer businesses.

    Our goal with the Privacy Sandbox on Android is to develop effective and privacy enhancing advertising solutions, where users know their information is protected, and developers and businesses have the tools to succeed on mobile. While we design, build and test these new solutions, we plan to support existing ads platform features for at least two years, and we intend to provide substantial notice ahead of any future changes.

    Working with the industry

    Starting today, developers can review our initial design proposals and share feedback on the Android developer site. We plan to release developer previews over the course of the year, with a beta release by the end of the year. We’ll provide regular updates on designs and timelines, and you can also sign up to receive updates.

    We know this initiative needs input from across the industry in order to succeed. We’ve already heard from many partners about their interest in working together to improve ads privacy on Android, and invite more organizations to participate.

    • Quote from Snap Inc. saying „“At Snap, we’ve made privacy a priority and placed it at the center of how we design our products. We are excited to collaborate with Google to develop new privacy-preserving standards for Android.“
    • Quote from Rovio saying “We support Google’s effort to elevate privacy standards on the platform, while making it easier for users to understand how their data is being used. It’s great they are involving developers in the process early to make sure we have time to react and participate in such an important change.”
    • Quote from Duolingo saying „“User privacy is a priority for Duolingo and we appreciate the deliberative process Android is taking to publish new proposals and solicit feedback from the ecosystem.”

    We’re also committed to working closely with regulators. We’ve offered public commitments for our Privacy Sandbox efforts on the web, including ensuring that we don’t give preferential treatment to Google’s ads products or sites. We’ll apply these principles to our Android work as well, and continue working with the U.K. Competition and Markets Authority, and others.

    The Privacy Sandbox on Android is an important part of our mission to raise the bar for user privacy, while giving developers and businesses the tools they need to succeed on mobile. We look forward to working with the industry on this journey.

    We are expanding the Privacy Sandbox initiative to Android to introduce new, more private advertising solutions to mobile.

    Website: LINK

  • 6 new features on Android this summer6 new features on Android this summerProgram Manager, Android

    6 new features on Android this summer6 new features on Android this summerProgram Manager, Android

    Reading Time: 4 minutes

    From keeping your account password safe to scheduling text messages to send at the right moment, we’re constantly rolling out new updates to the 3 billion active Android devices around the world. Today, we’re welcoming summer with six updates for your Android that focus on safety  — so you’re protected at every turn.

    1. Android Earthquake Alerts System is rolling out globally

    Earthquake alert screen that clicks through to an earthquake safety info screen

    Last year, we embarked on a mission to build the world’s largest earthquake detection network, based on technology built into Android devices. With this free system, people in affected areas can get alerts seconds before an earthquake hits, giving you advance notice in case you need to seek safety. We recently launched the Android Earthquake Alerts System in New Zealand and Greece. Today, we’re introducing the Android Earthquake Alerts System in Turkey, the Philippines, Kazakhstan, Kyrgyz Republic, Tajikistan, Turkmenistan and Uzbekistan.

    We are prioritizing launching Earthquake Alerts in countries with higher earthquake risks, and hope to launch in more and more countries over the coming year.

    2. Star what’s important with the Messages app

    10:25

    With tons of messages from family, friends, colleagues and others, it’s easy for information to get lost. Now, you can star a message on your Messages app to keep track of what’s important, and easily find it later without scrolling through all of your conversations. Just tap and hold your message, then star it. And when you want to revisit a message, like your friend’s address or the photo from your family reunion, tap on the starred category. 

    Starred messages will start to roll out more broadly over the coming weeks.

    3. Find the perfect Emoji Kitchen sticker at the perfect time

    After typing a message, relevant emoji mixes are proactively displayed at the top of the keyword

    In May, we introduced a new section in your recently used Emoji Kitchen stickers so you can quickly get back to the ones you use most frequently. Soon you’ll also start to see contextual suggestions in Emoji Kitchen once you’ve typed a message. These will help you discover the perfect emoji combination at the exact moment you need it.

    Contextual Emoji Kitchen suggestions are available in Gboard beta today and are coming to all Gboard users this summer for messages written in English, Spanish and Portuguese on devices running Android 6.0 and above.

    4. Access more of your favorite apps with just your voice

    10:25

    Ask Google to open or search many of your favorite apps using just your voice — you can say things like,  “Hey Google, pay my Capital One bill” to jump right into the app and complete the task or “Hey Google, check my miles on Strava” to quickly see your weekly progress right on the lock screen. See what else you can do by saying “Hey Google, shortcuts.” 

    5. Improved Password Input and gaze detection on Voice Access

    A gaze detection icon on a screen changes from crossed out to active when a character turns its head towards the device to speak the "scroll down" command in Voice Access

    Built with and for people with motor disabilities, and helpful for those without, Voice Access gives you quick and efficient phone and app navigation with just your voice.

    With gaze detection, now in beta, you can ask Voice Access to work only when you are looking at the screen — so you can naturally move between talking to friends and using your phone. 

    Voice Access now has enhanced password input. When it recognizes a password field, it will let you input letters, numbers and symbols. For example, you can say “capital P a s s w o r d” or names of symbols (like “dollar sign” to input a $), so it’s faster to safely enter your password.

    6. More customization and new app experiences on Android Auto

    After a user taps on the Messages app icon and + New, Google Assistant is activated to help send a new message from the launcher screen

    You can now customize more of your Android Auto experience for easier use, like personalizing your launcher screen directly from your phone and manually setting dark mode. It’s also easier to browse content with new tabs in your media apps, a “back to top” option and an A to Z button in the scroll bar. And, if it’s your first time using Android Auto, you can now get started faster in your car with a few simple taps.

    We’ve also added new app experiences to help enhance your drive. EV charging, parking and navigation apps are now available to use in Android Auto. Plus, we’ve improved the messaging experience, so you can access your favorite messaging apps  from the launcher screen. You can easily read and send new messages directly from apps like WhatsApp or Messages — now available globally. 

    These Android Auto features are available on phones running Android 6.0 or above, and when connected to your compatible car.

    Highlighting the latest Google updates that will make Android phones more safe and secure — for everyone.

    Website: LINK

  • Introducing Android Earthquake Alerts outside the U.S.Introducing Android Earthquake Alerts outside the U.S.Product Manager

    Introducing Android Earthquake Alerts outside the U.S.Introducing Android Earthquake Alerts outside the U.S.Product Manager

    Reading Time: 2 minutes

    In a natural disaster or emergency, every second counts. For example, when it comes to earthquakes, studies show that more than 50% of injuries can be prevented if users receive an early warning, and have the critical seconds needed to get to safety. That’s why last year, we launched the Android Earthquake Alerts System, which uses sensors in Android smartphones to detect earthquakes around the world. The free system provides near-instant information to Google Search about local seismic events when you search “Earthquake near me.”

     

    Today we’re announcing an expansion of the Android Earthquake Alerts System that uses both the detection and alerts capabilities, bringing these alerts to Android users in countries that don’t have early warning alert systems. We’re introducing the Android Earthquake Alerts System in Greece and New Zealand, where Android users will receive automatic early warning alerts when there is an earthquake in their area. Users who do not wish to receive these alerts can turn this off in device settings.

     

    We launched alerting in August 2020, in partnership with the United States Geological Survey (USGS) and powered by ShakeAlert®, which made alerts available for Android users in California. This feature recently expanded to users in Oregon and will be rolling out in Washington this May.

     

    Early warning alerts in New Zealand and Greece work by using the accelerometers built into most Android smartphones to detect seismic waves that indicate an earthquake might be happening. If the phone detects shaking that it thinks may be an earthquake, it sends a signal to our earthquake detection server, along with a coarse location of where the shaking occurred. The server then takes this information from many phones to figure out if an earthquake is happening, where it is and what its magnitude is.

     

    New Zealand and Greece will be the first countries to take advantage of both the detection and alert capabilities of the Android Earthquake Alerts System. Through this system, we hope to provide people with the advance notice they need to stay safe.

     

    We’re introducing our Android Earthquake Alerts System in Greece and New Zealand.

    Website: LINK

  • Your Android is now even safer — and 5 other new featuresYour Android is now even safer — and 5 other new featuresProduct Manager

    Your Android is now even safer — and 5 other new featuresYour Android is now even safer — and 5 other new featuresProduct Manager

    Reading Time: 5 minutes

    It wasn’t all that long ago that we introduced Android users to features like Emoji Kitchen and auto-narrated audiobooks. But we like to stay busy, so today we’re highlighting six of the latest Google updates that will make Android phones more secure and convenient — for everyone.

    1. Keep your accounts safe with Password Checkup on Android

    Password Checkup notification screen

    Password Checkup notification screen

    On Android, you can save passwords to your Google account, making it quicker and easier to sign into your apps and services using Autofill. Your login credentials are one of your first lines of defense against intruders, so we’ve integrated Password Checkup into devices running Android 9 and above. This feature lets you know if the password you used has been previously exposed and what to do about it.

    Now when you enter a password into an app on your phone using Autofill with Google, we’ll check those credentials against a list of known compromised passwords — that is, passwords that have potentially already been stolen and posted on the web. If your credentials show up on one of these lists, we’ll alert you and guide you to check your password and change it. 

    Learn more on our support page about changing unsafe passwords. And you can find additional information about how this product works in this blog post.

    We’re passionate about building defense into every detail on Android, from downloading apps to browsing the web to choosing where and when you share your data. Learn more about how Android keeps you safe.

    2. Use schedule send in Messages to write a text now and send it later

    Schedule a text to send it at your chosen date and time

    Click on the image above to learn how to schedule a text to send at your chosen date and time

    Over half a billion people across the world use Messages to seamlessly and safely connect with family, friends and others every month. To continue  improving the way you communicate and help you stay in touch, we’re starting to roll out schedule send in Messages for phones running Android 7 and newer. 

    Having loved ones in another time zone or on a different schedule can sometimes make it difficult to send a text at an appropriate time. With schedule send, you can compose a message ahead of time when it’s convenient for you, and schedule it to send at the right moment. Just write your message as you normally would, then hold and press the send button to select a date and time to deliver your message. Download Messages or update to the latest version to schedule your next text.

    3. No need to look at your screen, with TalkBack

    Start and stop media with Talkback gestures

    Click on the image above to see how to start and stop media with Talkback gestures 

    For those who are blind or have trouble seeing the display, the new version of TalkBack, Android’s screen reader, is now available. Using spoken feedback and gestures, TalkBack makes Android even more accessible and opens up a full phone experience without needing to look at your screen. We worked closely with the blind and low vision communities on this revamp of TalkBack to incorporate the most popularly requested features including: more intuitive gestures, a unified menu, a new reading control menu and more. Get TalkBack today by downloading or updating your Android accessibility apps in the Google Play Store.

    4. Get more done hands-free with Google Assistant

    Use Google Assistant to send a text, even when your phone is locked

    Use Google Assistant to send a text, even when your phone is locked

    We want to give you more ways to use your phone hands-free — so you can do things like use your voice to make calls, set timers or alarms and play music. Now, the latest updates to Google Assistant make it easier to get things done on your phone without needing to be right next to it.

    Assistant now works better even when your phone is locked or across the room with new cards that can be read with just a glance. Just say “Hey Google, set an alarm” or “Hey Google, play pop music on Spotify.” To get the most out of Assistant when your phone is locked, simply turn on Lock Screen Personal Results in Assistant setting and say “Hey Google “ to send text messages and make calls.

    5. Come to the dark side with dark theme in Google Maps 

    San Francisco on Google Maps dark theme

    San Francisco on Google Maps dark theme

    These days, we’re all experiencing a bit of screen fatigue. With dark theme in Google Maps soon expanding to all Android users globally, you can give your eyes a much-needed break and save on battery life. Simply head to your Settings, tap on Theme and then on “Always in Dark Theme” to lower the lights when you’re navigating, exploring, or getting things done with Maps. Change your mind? Just tap on “Always in Light Theme” to switch it back.

    6. A better drive with Android Auto

    Stay entertained with voice-activated games on your display with Android Auto

    Stay entertained with voice-activated games on your display with Android Auto

    Android Auto’s new features help you enjoy the drive more. With custom wallpapers, you can now select from a variety of car-inspired backgrounds to personalize your car display. For longer drives, you and your passengers can stay entertained with voice-activated games like trivia and “Jeopardy!” Just say, “Hey Google, play a game” to get started. 


    We’ve also launched shortcuts on the launch screen. These provide convenient access to your contacts and even allow you to use Assistant to complete tasks like checking the weather or remotely adjusting the thermostat by simply tapping on the icon on your car display, just as you would on your phone. For cars with wider screens, you can do more with a split-screen that features a real-time view of Google Maps and media controls. And if you have family and friends coming along for the ride, you can now set a privacy screen to control when Android Auto appears on your car display. 

    These Android Auto features will be available in the coming days on phones running Android 6.0 or above, and when connected to your compatible car.

    Highlighting the latest Google updates that will make Android phones more secure and convenient for everyone.

    Website: LINK

  • 7 ways admins can help secure accounts against phishing in G Suite7 ways admins can help secure accounts against phishing in G Suite

    7 ways admins can help secure accounts against phishing in G Suite7 ways admins can help secure accounts against phishing in G Suite

    Reading Time: 5 minutes

    We work hard to help protect your company against phishing attacks—from using machine learning, to tailoring our detection algorithms, to building features to spot previously unseen attacks. While we block as many external attacks as we can, we continue to build and offer features designed to empower IT administrators to develop strong internal defenses against phishing.

    Here are seven things we recommend admins do in G Suite to better protect employee data.

    1. Enforce 2-step verification

    Two-step verification (2SV) is one of the best ways to prevent someone from accessing your account, even if they steal your password. In G Suite, admins have the ability to enforce 2-step verification. 2SV can reduce the risk of successful phishing attacks by asking employees for additional proof of identity when they sign in. This can be in the form of phone prompts, voice calls, mobile app notifications and more.

    Image 1: phishing post

    G Suite also supports user-managed security keys—easy to use hardware authenticators. Admins can choose to enforce the use of security keys to help reduce the risk of stolen credentials being used to compromise an account. The key sends an encrypted signature and works only with authorized sites. Security keys can be deployed, monitored and managed directly from within the Admin console.

    The Key to working smarter faster and safer

    2. Deploy Password Alert extension for Chrome

    The Password Alert chrome extension checks each page that users visit to see if that page is impersonating Google’s sign-in page and notifies admins if users enter their G Suite credentials anywhere other than the Google sign-in page.

    Admins can enforce deployment of the Password Alert Chrome extension from the Google Admin Console (Device management > App Management > Password Alert)—just sign in and get started. You should check “Force installation“ under both “User Settings” and “Public session settings.”

    Image 2: phishing post

    Admins can also enable password alert auditing, send email alerts and enforce a password change policy when G Suite credentials have been used on a non-trusted website such as a phishing site.

    3. Allow only trusted apps to access your data

    Take advantage of OAuth apps whitelisting to specify which apps can access your users’ G Suite data. With this setting, users can grant access to their G Suite apps’ data only to whitelisted apps. This prevents malicious apps from tricking users into accidentally granting unauthorized access. Apps can be whitelisted by admins in the Admin console under G Suite API Permissions.

    Image 3: phishing post

    4. Publish a DMARC policy for your organization

    To help your business avoid damage to its reputation from phishing attacks and impersonators, G Suite follows the DMARC standard. DMARC empowers domain owners to decide how Gmail and other participating email providers handle unauthenticated emails coming from your domain. By defining a policy and turning on DKIM email signing, you can ensure that emails that claim to be from your organization, are actually from you.

    5. Disable third-party email client access for those who don’t need it

    The Gmail clients (Android, iOS, Web) leverage Google Safe Browsing to incorporate anti-phishing security measures such as disabling suspicious links and attachments and displaying warnings to users to deter them from clicking on suspicious links.

    By choosing to disable POP and IMAP, Google Sync andG Suite Sync for Microsoft Outlook, admins can ensure that a significant portion of G Suite users will only use Gmail clients and benefit from the built-in phishing protections that they provide. Additional measures include enabling OAuth apps whitelisting to block third-party clients as suggested earlier in the blog.

    Note: all third-party email clients, including native mobile mail clients, will stop working if the measures outlined above are implemented.

    Image 4: phishing post
    Disable-thirdparty.png

    6. Encourage your team to pay attention to external reply warnings

    By default, Gmail clients (Android, Web) warn G Suite users if they’re responding to emails sent from outside their domain by someone they don’t regularly interact with, or from someone not in their contacts. This helps businesses protect against forged emails, from malicious actors or just plain old user-error like sending an email to the wrong contact. Educate your employees to look for these warnings and be careful before responding to unrecognized senders. Unintended external reply warnings are controlled from the Admin console control in the “Advanced Gmail” setting.

    Image 6: phishing post

    7. Enforce the use of Android work profiles

    Work profiles allow you to separate your organization’s apps from personal apps, keeping personal and corporate data separate. By using integrated device management within G Suite to enforce the use of work profiles, you can whitelist applications that access corporate data and block installation of apps from unknown sources. You now have complete control over which apps have access to your corporate data.

    Image 7: phishing post

    These steps can help you improve your organization’s security posture and become more resistant to phishing attacks. Learn more at gsuite.google.com/security or sign up for our security webinar on September 20, 2017 which features new security research from Forrester and a demonstration on how the cloud can help effectively combat cyber threats.

    Website: LINK

  • How we stop fraudulent apps from holding you ransomHow we stop fraudulent apps from holding you ransom

    How we stop fraudulent apps from holding you ransomHow we stop fraudulent apps from holding you ransom

    Reading Time: 4 minutes

    Recently we shared our 2016 Android Security Year in Review, which looks at how we protect Android users and their data. Today, we’re taking a closer look at how we shield people from a rare—but particularly disruptive—potentially harmful app (PHA) known as ransomware. We’ve long had protections from ransomware in Android, and we added new ones in Nougat as well.

    Ransomware is a type of app that restricts access to your device until a sum of money is paid. Ransomware usually presents itself in one of two forms: apps that restrict access to your device and then demand payment to regain access to the device, or apps that encrypt data on the device’s external storage (such as an SD card) and then demand payment to decrypt your data. To make the scam more convincing, fraudsters sometimes pretend to be from a credible law enforcement agency and accuse you of doing something illegal so you’re more likely to pay.

    Although ransomware has begun to target mobile devices, it’s still rare: Since 2015, less than 0.00001 percent of installations from Google Play, and less than .01 percent of installations from sources other  than Google Play, were categorized as ransomware.  (That’s less than the odds of getting struck by lightning twice in your lifetime!).

    Ransomware_screen.png
    Some examples of popular ransomware

    And Android users have long been protected from ransomware. Our Google Play policies strictly prohibit apps that contain it, and if we ever detect these scams, we rapidly take action. Verify Apps, our security system that analyzes apps before they are installed and then regularly checks more than 400 million devices and 6 billion apps everyday for PHAs, is another safeguard. And Application Sandboxing, a technology that forces each app to operate independently of others, provides another layer of defense. Sandboxes require apps to mutually consent to sharing data, a protection which limits ransomware’s ability to access sensitive information like a contact list from another app.

    Ransomware_sandbox.jpg

    Ransomware protections in Android Nougat

    With the release of Android 7.0 Nougat, we added to existing defenses against ransomware, and also made some changes to address some of the newer tactics of ransomware scams. Here are a few examples:

    • Safety blinders: Apps can no longer see which other apps are active. That means scammy ones can’t see what other apps are doing—and can’t inform their attacks based on activity.
    • Even stronger locks: If you set a lockscreen PIN prior to installing ransomware, ransomware can’t misuse your device’s permissions to change your PIN and lock you out.
    • Whacking clickjacking: “Clickjacking” tricks people into clicking something, often by obscuring permission dialogs behind other windows. You’re now protected from ransomware attacks that use this tactic to sneakily gain control of a device.

    Protecting your data and device from ransomware

    Even with all the safeguards we’ve built into Android and Google Play to protect you from ransomware, there are still a few things that you can do to keep your device safe.

    1. Only download apps from a trustworthy source, such as Google Play.
    2. Ensure Verify Apps is enabled.
    3. Install security updates and always ensure your device is updated to the latest version to get the best security protection.
    4. Back up your device.
    5. Be cautious. Take a moment to read reviews and other information about apps before installing, to make sure you download the app you’re looking for.

    If you accidentally install ransomware on your phone, you have a few options. First, you can try to boot into safe mode. Starting your device in safe mode means your device only has the original software and apps that came with it. If an app is misbehaving but the issues go away in safe mode, the problem is probably caused by a third-party app downloaded on your device. If you can boot into safe mode, try to uninstall the app and then reboot the device. On a Pixel, you can get into safe mode with a keyboard combination that PHAs can’t touch.

    If safe mode doesn’t work, then you might have to reset your phone to factory settings. Many devices running Android allow you to remove dangerous apps by resetting it to factory settings (also referred to as formatting the device, or doing a „hard reset“). This should be your last resort, but if you’ve backed up your files, resetting your device should be easy. Check with your carrier or device manufacturer for instructions on how to reset your phone.

    Ransomware on Android is exceedingly rare. Still, we’ve implemented lots of new protections in Nougat, and we continue to improve on the defenses that have long been in place. Those protections, along with extra vigilance about how you download your apps, will help keep you and your device secure.

    Ransomware is a rare type of malicious app that restricts access to your mobile device until a sum of money is paid. We’ve long had protections from ransomware in Android—find out how we keep you safe.

    Website: LINK