Posted by Jeff Vander Stoep, Android Security team

[Cross-posted from the Android Developers Blog]

Android relies heavily on the Linux kernel for enforcement of its security model. To better protect the kernel, we’ve enabled a number of mechanisms within Android. At a high level these protections are grouped into two categories—memory protections and attack surface reduction.
Memory Protections
One of the major security features provided by the kernel is memory protection for userspace processes in the form of address space separation. Unlike userspace processes, the kernel’s various tasks live within one address space and a vulnerability anywhere in the kernel can potentially impact unrelated portions of the system’s memory. Kernel memory protections are designed to maintain the integrity of the kernel in spite of vulnerabilities.
Mark Memory As Read-Only/No-Execute
This feature segments kernel memory into logical sections and sets restrictive page access permissions on each section. Code is marked as read only + execute. Data sections are marked as no-execute and further segmented into read-only and read-write sections. This feature is enabled with config option CONFIG_DEBUG_RODATA. It was put together by Kees Cook and is based on a subset of Grsecurity’s KERNEXEC feature by Brad Spengler and Qualcomm’s CONFIG_STRICT_MEMORY_RWX feature by Larry Bassel and Laura Abbott. CONFIG_DEBUG_RODATA landed in the upstream kernel for arm/arm64 and has been backported to Android’s 3.18+ arm/arm64 common kernel.
Restrict Kernel Access to User Space
This feature improves protection of the kernel by preventing it from directly accessing userspace memory. This can make a number of attacks more difficult because attackers have significantly less control over kernel memory that is executable, particularly with CONFIG_DEBUG_RODATA enabled. Similar features were already in existence, the earliest being Grsecurity’s UDEREF. This feature is enabled with config option CONFIG_CPU_SW_DOMAIN_PAN and was implemented by Russell King for ARMv7 and backported to Android’s 4.1 kernel by Kees Cook.
Improve Protection Against Stack Buffer Overflows
Much like its predecessor, stack-protector, stack-protector-strong protects against stack buffer overflows, but additionally provides coverage for more array types, as the original only protected character arrays. Stack-protector-strong was implemented by Han Shan and added to the gcc 4.9 compiler.

Attack Surface Reduction
Attack surface reduction attempts to expose fewer entry points to the kernel without breaking legitimate functionality. Reducing attack surface can include removing code, removing access to entry points, or selectively exposing features.
Remove Default Access to Debug Features
The kernel’s perf system provides infrastructure for performance measurement and can be used for analyzing both the kernel and userspace applications. Perf is a valuable tool for developers, but adds unnecessary attack surface for the vast majority of Android users. In Android Nougat, access to perf will be blocked by default. Developers may still access perf by enabling developer settings and using adb to set a property: “adb shell setprop security.perf_harden 0”.
The patchset for blocking access to perf may be broken down into kernel and userspace sections. The kernel patch is by Ben Hutchings and is derived from Grsecurity’s CONFIG_GRKERNSEC_PERF_HARDEN by Brad Spengler. The userspace changes were contributed by Daniel Micay. Thanks to Wish Wu and others for responsibly disclosing security vulnerabilities in perf.
Restrict App Access to IOCTL Commands
Much of Android security model is described and enforced by SELinux. The ioctl() syscall represented a major gap in the granularity of enforcement via SELinux. Ioctl command whitelisting with SELinux was added as a means to provide per-command control over the ioctl syscall by SELinux.
Most of the kernel vulnerabilities reported on Android occur in drivers and are reached using the ioctl syscall, for example CVE-2016-0820. Some ioctl commands are needed by third-party applications, however most are not and access can be restricted without breaking legitimate functionality. In Android Nougat, only a small whitelist of socket ioctl commands are available to applications. For select devices, applications’ access to GPU ioctls has been similarly restricted.
Require SECCOMP-BPF
Seccomp provides an additional sandboxing mechanism allowing a process to restrict the syscalls and syscall arguments available using a configurable filter. Restricting the availability of syscalls can dramatically cut down on the exposed attack surface of the kernel. Since seccomp was first introduced on Nexus devices in Lollipop, its availability across the Android ecosystem has steadily improved. With Android Nougat, seccomp support is a requirement for all devices. On Android Nougat we are using seccomp on the mediaextractor and mediacodec processes as part of the media hardening effort.

Ongoing Efforts
There are other projects underway aimed at protecting the kernel:

• The Kernel Self Protection Project is developing runtime and compiler defenses for the upstream kernel.
• Further sandbox tightening and attack surface reduction with SELinux is ongoing in AOSP.
• Minijail provides a convenient mechanism for applying many containment and sandboxing features offered by the kernel, including seccomp filters and namespaces.
• Projects like kasan and kcov help fuzzers discover the root cause of crashes and to intelligently construct test cases that increase code coverage—ultimately resulting in a more efficient bug hunting process.

Posted by Jeff Vander Stoep, Android Security team

Android relies heavily on the Linux kernel for enforcement of its security model. To better protect the kernel, we’ve enabled a number of mechanisms within Android. At a high level these protections are grouped into two categories—memory protections and attack surface reduction.

Memory protections

One of the major security features provided by the kernel is memory protection for userspace processes in the form of address space separation. Unlike userspace processes, the kernel’s various tasks live within one address space and a vulnerability anywhere in the kernel can potentially impact unrelated portions of the system’s memory. Kernel memory protections are designed to maintain the integrity of the kernel in spite of vulnerabilities.

Mark memory as read-only/no-execute

This feature segments kernel memory into logical sections and sets restrictive page access permissions on each section. Code is marked as read only + execute. Data sections are marked as no-execute and further segmented into read-only and read-write sections. This feature is enabled with config option CONFIG_DEBUG_RODATA. It was put together by Kees Cook and is based on a subset of Grsecurity’s KERNEXEC feature by Brad Spengler and Qualcomm’s CONFIG_STRICT_MEMORY_RWX feature by Larry Bassel and Laura Abbott. CONFIG_DEBUG_RODATA landed in the upstream kernel for arm/arm64 and has been backported to Android’s 3.18+ arm/arm64 common kernel.

Restrict kernel access to userspace

This feature improves protection of the kernel by preventing it from directly accessing userspace memory. This can make a number of attacks more difficult because attackers have significantly less control over kernel memory that is executable, particularly with CONFIG_DEBUG_RODATA enabled. Similar features were already in existence, the earliest being Grsecurity’s UDEREF. This feature is enabled with config option CONFIG_CPU_SW_DOMAIN_PAN and was implemented by Russell King for ARMv7 and backported to Android’s 4.1 kernel by Kees Cook.

Improve protection against stack buffer overflows

Much like its predecessor, stack-protector, stack-protector-strong protects against stack buffer overflows, but additionally provides coverage for more array types, as the original only protected character arrays. Stack-protector-strong was implemented by Han Shen and added to the gcc 4.9 compiler.

Attack surface reduction

Attack surface reduction attempts to expose fewer entry points to the kernel without breaking legitimate functionality. Reducing attack surface can include removing code, removing access to entry points, or selectively exposing features.

Remove default access to debug features

The kernel’s perf system provides infrastructure for performance measurement and can be used for analyzing both the kernel and userspace applications. Perf is a valuable tool for developers, but adds unnecessary attack surface for the vast majority of Android users. In Android Nougat, access to perf will be blocked by default. Developers may still access perf by enabling developer settings and using adb to set a property: “adb shell setprop security.perf_harden 0”.

The patchset for blocking access to perf may be broken down into kernel and userspace sections. The kernel patch is by Ben Hutchings and is derived from Grsecurity’s CONFIG_GRKERNSEC_PERF_HARDEN by Brad Spengler. The userspace changes were contributed by Daniel Micay. Thanks to Wish Wu and others for responsibly disclosing security vulnerabilities in perf.

Restrict app access to ioctl commands

Much of Android security model is described and enforced by SELinux. The ioctl() syscall represented a major gap in the granularity of enforcement via SELinux. Ioctl command whitelisting with SELinux was added as a means to provide per-command control over the ioctl syscall by SELinux.

Most of the kernel vulnerabilities reported on Android occur in drivers and are reached using the ioctl syscall, for example CVE-2016-0820. Some ioctl commands are needed by third-party applications, however most are not and access can be restricted without breaking legitimate functionality. In Android Nougat, only a small whitelist of socket ioctl commands are available to applications. For select devices, applications’ access to GPU ioctls has been similarly restricted.

Require seccomp-bpf

Seccomp provides an additional sandboxing mechanism allowing a process to restrict the syscalls and syscall arguments available using a configurable filter. Restricting the availability of syscalls can dramatically cut down on the exposed attack surface of the kernel. Since seccomp was first introduced on Nexus devices in Lollipop, its availability across the Android ecosystem has steadily improved. With Android Nougat, seccomp support is a requirement for all devices. On Android Nougat we are using seccomp on the mediaextractor and mediacodec processes as part of the media hardening effort.

Ongoing efforts

There are other projects underway aimed at protecting the kernel:

• The Kernel Self Protection Project is developing runtime and compiler defenses for the upstream kernel.
• Further sandbox tightening and attack surface reduction with SELinux is ongoing in AOSP.
• Minijail provides a convenient mechanism for applying many containment and sandboxing features offered by the kernel, including seccomp filters and namespaces.
• Projects like kasan and kcov help fuzzers discover the root cause of crashes and to intelligently construct test cases that increase code coverage—ultimately resulting in a more efficient bug hunting process.

Due to these efforts and others, we expect the security of the kernel to continue improving. As always, we appreciate feedback on our work and welcome suggestions for how we can improve Android. Contact us at .

The Google Online Marketing Challenge (GOMC) provides a hands-on learning platform for students around the world to develop their online marketing skills and gain practical experience working with real businesses and non-profits to solve real problems and produce real results.

AdWords Business Awards

• The Global Winning team comes from the ESG UQAM - School of Management Sciences in Canada, under Professor Harold Boeck. The team of James Forbes, Nicolas Archambault-Doucet, Esme Fentener Levi and Thomas St-Amour worked with Alvéole, a company that helps people and organizations install and care for urban honeybee colonies.

• The Americas Winner comes from James Madison University in the United States, under Professor Theresa B. Clarke. The team of Lynn Radocha, Alexander Adley, Maianh Phan, John Thompson and Cari Ross worked with the Rockingham/Harrisonburg SPCA, a non-profit animal rescue shelter that provides care for all dogs, cats, and other small animals until they can be adopted into a safe, permanent home.
• The Asia & Pacific Winner comes from the Narsee Monjee Institute of Management Studies, under Professor Shilpa Sawant in India. The team of Aniruddha Pandhare, Devarsh Ganatra, Urvi Talaty, Dhananjay Thaker, Akash Pandey and Rini Antony worked with Dr. Babasaheb Ambedkar Vaidyakiya Pratishthan, a non-profit Trust that invests in various medical and social welfare initiatives to transform the lives of the poor and needy in the drought prone ‘Marathwada’ region of Maharashtra.
• The Europe Winner comes from the University of Turku in Finland, under Professor Joni Salminen. The team of Elina Ojala, Miia Bergström, Paula Suominen and Emma Jalonen worked with ResQ, a recently founded company with a mission to help consumers “rescue” leftovers from restaurants and acquire quality meals at a cheap price, while restaurants profit from selling food that would have otherwise been wasted.
• The Middle East & Africa Winner comes from Daystar University in Kenya, under Professor Maranga Moriasi. The team of Jeffrey Kanae, Moses Njeri Khatiebere, Evelyne Magaju, Sharone Awuori Tindi and Roselinda Were worked with Youth on the Move, a non-profit organization whose mission is to empower youth with epilepsy to build their skills, stand up for themselves and transform their desires into realistic plans and actions.

Google+ Social Media Marketing Awards

• The Global Winner comes from the Dwarkadas J. Sanghvi College of Engineering in India under Professor Khushali Deulkar. The team of Rosanlal Behera, Niki Jain, Harsh Jain, Chandrasekhar Raman, Pratik Bhambhani and Aayushi Dholakia worked with Kossine, a Neebal initiative and coaching institute that specializes in teaching Computer Programming and Electronics courses to students.

• The Americas Winner comes from James Madison University in the United States, under Professor Theresa B. Clarke. The team of Matt Deters, Molly McDevitt, Caitlin Fikac, Natalie Krewin and Claudia Schnorbus worked with the Poricy Park Conservancy, a non-profit that preserves 250 acres of open space, prehistoric fossil beds, and the historic Murray Farmhouse for the surrounding community.
• The Asia & Pacific Winner comes from the Narsee Monjee Institute of Management Studies, under Professor Shilpa Sawant in India. The team of Aniruddha Pandhare, Devarsh Ganatra, Urvi Talaty, Dhananjay Thaker, Akash Pandey and Rini Antony worked with Dr. Babasaheb Ambedkar Vaidyakiya Pratishthan, a non-profit Trust that invests in various medical and social welfare initiatives to transform the lives of the poor and needy in the drought prone ‘Marathwada’ region of Maharashtra.
• The Europe Winner comes from Kaunas University of Technology in Lithuania, under Professor Elena Vitkauskaitė. The team of Mantas Mitrauskas, Merita Simanavičiūtė, Agnė Raulinavičiūtė, Severina Sekrytė and Paulina Lazauskaitė worked with Dalinuosi.lt, an online sharing platform that promotes the protection of the environment and stimulates responsible usage by allowing people to lend their goods or borrow them from other consumers.
• The Middle East & Africa Winner comes from the Institute of Management Technology, Dubai in the United Arab Emirates, under Professor Ali Zalzala. The team of Pratiksha Kumar, Shikhar Ahuja and Rahul Jain worked with Community Tracks, a non-profit in California that has a global agenda to provide under-served communities with sustainable technology solutions and associated education services that enhance the quality of life.

AdWords Social Impact Awards

• The 1st Place Winner comes from James Madison University in the United States, under Professor Theresa B. Clarke. The team of Emily Maynard, Jacob Shibley, Christine Provino, Jacob Brown and Amy Goffe worked with the Children's Science Center, a non-profit children’s science museum focused on hands-on STEM (Science, Technology, Engineering, and Math) learning and providing unique opportunities for children to explore, create and be inspired.

• The 2nd Place Winner comes from the Narsee Monjee Institute of Management Studies, under Professor Shilpa Sawant in India. The team of Aniruddha Pandhare, Devarsh Ganatra, Urvi Talaty, Dhananjay Thaker, Akash Pandey and Rini Antony worked with Dr. Babasaheb Ambedkar Vaidyakiya Pratishthan, a non-profit Trust that invests in various medical and social welfare initiatives to transform the lives of the poor and needy in the drought prone ‘Marathwada’ region of Maharashtra.
• The 3rd Place Winner comes from James Madison University in the United States, under Professor Theresa B. Clarke. The team of Lynn Radocha, Alexander Adley, Maianh Phan, John Thompson and Cari Ross worked with the Rockingham/Harrisonburg SPCA, a non-profit animal rescue shelter that provides care for all dogs, cats, and other small animals until they can be adopted into a safe, permanent home.

To learn more about the Google Online Marketing Challenge and to pre-register for next year’s competition, please watch the GOMC video and visit our website: www.google.com/onlinechallenge.

Posted by Lily Sheringham, Google Play team

Culture Alley developed the app Hello English to help Indians learn English through gamification, supporting over 15 dialects. More than 13 million people now use Hello English in India and around the world.

Hear Nishant Patni, Founder & CEO and Pranshu Bhandari, Co-Founder, explain how they optimized the app to address challenges faced by emerging markets. Learn how they used various Google Play tools to address varying levels of connectivity and device capabilities, and improve user retention.

Learn more best practices about building for billions and watch the ‘10 tips to build an app for billions of users’ video to get more tips. Also, get the Playbook for Developers app and stay up-to-date with more features and best practices that will help you grow a successful business on Google Play.

Friday night is movie night at our home, and my wife and I look forward to our weekly ritual of putting the kids to bed, getting some takeout, and catching up on our movie wishlist. Whether it’s making the BLUE STEEL face from Zoolander, swapping tips on playing Monument Valley, or reading Dragons Love Tacos to the kids at bedtime, these shared moments bring us closer together.

For families like mine, who bond over shared entertainment, we’re introducing Family Library, a way for up to six family members to share purchases on Google Play. When you buy an eligible app, game, movie, TV show, or book in the Play Store, you can now share it with your family—across devices—with no additional sign-up fee.


Share across your family’s devices
Today’s families have a lot of devices, and it should be easy to share content no matter where we are or what we’re doing. Everyone in my family loves the Star Wars movies and we all want to be able to watch them, on our phones, tablets, laptops, or TV. All purchases added to Family Library are available across Android devices, and movies, TV shows, and books can be enjoyed on iOS devices and the web.

Easily manage sharing and family purchases
As with most family matters, flexibility and choice is important. With Family Library, you can choose which items you want to share and which to keep to yourself—for example, I’ll probably keep my collection of comic books in my personal library. Flexibility is also built into your purchasing options. When you sign up, you’ll select a credit card to share as your family payment method, but your family members will always have the option of buying stuff with their personal credit cards or gift cards. And for your younger family members, you’ll have the option to approve each of their purchases.

Share a Music subscription with your family
Finally, if your family loves music, you can also subscribe to the Google Play Music family plan. On this plan, up to six family members can stream millions of songs on demand for $14.99 a month. We launched the family plan late last year, and today we’re expanding it to Ireland, Italy, Mexico, and New Zealand. And you can now sign up on the web, in addition to your Android device.

Starting today, Family Library will be rolling out over the next few days and will be available in Australia, Brazil, Canada, France, Germany, Ireland, Italy, Japan, Mexico, New Zealand, the United Kingdom and the United States. To get started, sign up in Google Play, invite your family members, and start sharing what you love!

Posted by Raj Iyengar, Product Manager, Google Play https://1.bp.blogspot.com/-3j_0lZ3pI-w/V5ejW8jcoJI/AAAAAAAAStw/ht0F9TZzSeM5ssT7p3rZSoJCiIWb7LReACLcB/s200/FamilyPlay.jpg Raj Iyengar Product Manager Google Play

Posted by By Sarah Karam, Google Play Apps Business Development

With more than 1 billion active users in 190 countries around the world, Google Play continues to be an important distribution platform for you to build a global audience. To help you get your apps in front of more users, it’s important to make them more quickly and easily discoverable in Google Play. That’s why we rolled out major features, such as Search Ads, Indie Corner, store listing experiments, and more, over the past year.

To improve the overall search experience, we’re introducing new app categories and renaming a few existing ones, making them more comprehensive and relevant to what users are looking for today.

The new categories include:

• Art & Design
• Auto & Vehicles
• Beauty
• Dating
• Events
• Food & Drink
• House & Home
• Parenting

In addition, the “Transportation” category will be renamed “Maps & Navigation,” and the “Media & Video” category will be renamed “Video Players & Editors.”

To select a new category for your app or game

1. Sign in to your Google Play Developer Console.
2. Select an app.
3. On the left menu, click Store Listing.
4. Under "Categorization," select an application type and category.
5. Near the top of the page, click Save draft (new apps) or Submit update (existing apps).

Newly added categories will be available on Google Play within 60 days. If you choose a newly added category for an app before the category is available for users, your current app category may change. See additional details and view our full list of categories in the Help Center.

This guest post is a part of a short series about Tatyana Goldberg and Guy Yachdav, instructors at Technical University of Munich, and the journey that was inspired by their participation as Google Summer of Code mentors for the BioJS project.

Tatyana Goldberg and Guy Yachdav, GSoC mentors and open source enthusiasts. Photo taken at the MorpheusCup competition Luxembourg, May 2016.

For over three decades, Zagat has been dishing out trustworthy guidance for urban foodies across the US. We thought it was time to spice up Zagat’s look and refresh its mobile iOS app in order to provide relevant restaurant recommendations for diners on the go. Looking for new watering holes in your area or wanting the top recommended dining spots for the city you’re visiting? Zagat now makes it simple and easy using its reliable recipe that looks at the wisdom of the crowds combined with hand-crafted reviews. Check out the Zagat blog for more details.

Author: Laura Slabin, Director, Local Content & Community

In today’s release, the Google Places API for iOS 2.0 and the Google Maps SDK for iOS 2.0 are now in separate CocoaPods. For developers who only use the Google Places API for iOS, this will significantly reduce the binary size of their app.

What does this mean for me? What do I have to do?

Nothing immediately for your current implementation, but we strongly suggest that you upgrade within the next year to the new Google Maps SDK for iOS 2.0 and Google Places API for iOS 2.0. The Google Maps for iOS SDK Version 1.x will become unsupported in one year’s time.

If you are using the Standard Plan Google Maps SDK for iOS 1.x, and haven’t specified a version in your podfile, you will be automatically upgraded to the new Google Maps SDK for iOS 2.0 when you run ‘pod update’. If you use any Places functionality, we’ve created this migration guide for the Places API to step you through the process of migrating to the new Google Places API for iOS 2.0.

In addition, we’ve documented how to extract all the frameworks (Maps, Places) from the relevant CocoaPods so you can manually include the SDKs in your project rather than using CocoaPods if you wish. [Issue 8856]

What does this mean for Premium Plan Maps SDK customers?

There is no longer a separate Google Maps Premium Plan SDK. Instead it has been replaced with the new streamlined Google Maps SDK for iOS 2.0 for both Standard and Premium Plan developers.

We’ve created a Premium Plan migration guide that will step you through the process of migrating to the new Google Maps SDK for iOS 2.0. We’ve also documented how to extract the frameworks from the CocoaPods so you can manually include the SDKs in your project if you’d prefer that. Your Enterprise Maps key will continue to work, as will your Premium Plan.

Please note:
The Google Maps SDK for iOS Premium Plan SDK 1.13.2 (current version) will be supported for one year during which time we suggest you upgrade to the new streamlined Google Maps SDK for iOS 2.0.

Take a look at our release notes and start using version 2.0 today!

Posted by Megan Boundey, Product Manager, Google Maps Mobile APIs