The more things change, the more the pastrami stays the same: a Talks at Google roundup

As the seasons change, we started thinking about other types of change. This month’s Talks at Google roundup delves into everything from changing habits to how two famous Jewish delis balance classic dishes amidst a changing food scene.

Author, podcaster and expert habit-former Gretchen Rubin talks about “Better Than Before,” her book that offers a new perspective on habits. She explains how to form habits, why we break them, and the four types of habit tendencies.

Bollywood star Farhan Akhtar wanted to do something about the mounting violence against women in the world. He shares how he used creative arts to create social change, and talks about his creative process along the way.

Hear from Matthew Claudel—author of “City of Tomorrow”—whose job is to imagine the future of cities, and how technology is changing that future.

Jennifer Brown, author of “Inclusion: Diversity, the New Workplace & the Will to Change,” shares her strategies for empowering employees and harnessing the power of diversity in today’s ever-changing world of business.

Disclaimer: this one might make you hungry. Jake Dell (owner of Katz’s Deli in New York) and Evan Bloom (co-owner of Wise Sons Deli in San Francisco) chat about the evolution of the Jewish deli, and how they maintain tradition while staying current (especially when it comes to pastrami sandwiches). They may not be in lox-step in their approach to food, but we think you’ll like this talk a latke.

The High Five: insights on the top search trends of the week

This week people searched for free coffee, the death of a media mogul, help with IKEA tasks and new wheels from Ford. And as Puerto Rico reels from the devastation of Hurricane Maria, people want to know how they can help. Here are the top trends of the week, with data from Google News Lab.

Hurricane Maria

Puerto Rico continues to grapple with the aftermath of Hurricane Maria, which left many without power and desperate for food, electricity and communication services. People in the U.S. continue to search for “hurricane donation” (interest went up 185% this week), as well as “How powerful was Hurricane Maria?” “How to donate to Puerto Rico” and “What is the Jones Act?” (A law that was waived to get relief to Puerto Rico quicker). The top regions searching for Puerto Rico were Florida, Connecticut and New Jersey.

Caffeine fiends

Wake up and smell the coffee—it’s National Coffee Day! And everyone is after the free java, with searches like, “Is Starbucks doing anything for National Coffee Day?” “Who gives free coffee on National Coffee Day?” and “What is National Coffee Day at Dunkin Donuts?” Cold brew coffee, butter coffee, and Irish coffee (for those starting early…) are the most searched types of coffee this week.


Hugh Hefner passed away this week at the age of 91. Upon hearing the news, people searched to find out more about Hefner’s fortune and infamous love life: “How much was Hugh Hefner worth?” “Who gets Hugh Hefner’s money?” and “Who was Hugh Hefner married to?” Hefner will be buried next to Marilyn Monroe, Playboy’s first cover girl (search interest in Monroe went up 570% this week as well).

But will they assemble the meatballs, too?

This week, two of the top searched questions about IKEA were: “How to build IKEA Tarva nightstand” and “How to remove IKEA drawer front.” Well, now you can get some help with that. This week, IKEA closed a deal to buy the online errand company TaskRabbit so that the dreaded phrase “assembly required” will become slightly less scary. Those who are keen on IKEA are searching the most for dressers, desks, rugs, kitchen cabinets and beds.

Riding in style

Ford is getting revved up with its new F-450 Super Duty Limited truck, which can cost as much as $100,000 and tows 15 tons … talk about luxury. Search interest for the new truck went into overdrive—“Ford Truck” was searched 2000% more than “Ford SUV.” People are doing their due diligence on the Super Duty, searching “Where is the F-250 Super Duty made?” “What is the MPG of a Ford Super Duty Diesel?” and “What roof bars fit a Ford Super Duty?”

The FlashStack Revolution

Modern companies need to move quickly. And to do so, they need things to be streamlined. From hosting 40,000 people at a big game, to churning out thousands of newspapers hot-off-the-press, to delivering millions of pizzas right on time. To keep up, companies need an integrated solution powering their IT that’s fast…REALLY fast. Learn how […]

Igniting business transformation, reinventing the data center and helping nonprofits move to the cloud — Weekend Reading: Sept. 29 edition

This week was testament to the transformative power of technology, both collectively and individually — from the thousands of business leaders gathered at Microsoft’s annual IT conference to a Philippine teenager whose blindness isn’t stopping her from pursuing a dream of creating her own software. A leader in digital transformation, Microsoft is launching a group…

The post Igniting business transformation, reinventing the data center and helping nonprofits move to the cloud — Weekend Reading: Sept. 29 edition appeared first on The Official Microsoft Blog.

Innovating and Winning Awards

The Best of Interop 2017 award winners were announced at the MGM Grand in Las Vegas. As the innovator and leader of these technologies, I was asked by several media representatives for an interview. Here is a short interview by Information Week news desk. Best of Interop Awards are like the Oscars of the Networking […]

#teampixel proves you can take a good photo anywhere

We’re always excited to see what #teampixel photographs next. This week’s photos capture everything from the tombs and temples in Jordan to the crestfallen leaves of autumn, proving a good photo can be taken anywhere.   

Special shout out to today’s Instagram feature, @oxykostin, for a magical photo that takes us under the sea. Don’t forget to tag your photos with #teampixel, and you might see yourself featured next!

Keystore Key Attestation

Posted by Shawn Willden, Software Engineer

Android’s keystore has been available for many years, providing app developers
with a way to use cryptographic keys for authentication and encryption. Keystore
keeps the key material out of the app’s process space, so that the app cannot
inadvertently reveal it to the user where it could be phished, leak it through
some other channel, or have it compromised in the event of a compromise of the
app. Many devices also provide hardware-based security for keystore keys in
secure hardware, which keeps the key material out of the Android system
entirely, so that the key material cannot be leaked even by a Linux kernel
compromise. In the vast majority of Android devices, secure hardware is a
special mode of the main CPU, with hardware-enforced isolation from the Linux
kernel and Android userspace. Alternatively, some devices use a separate secure

Android provides APIs that allow the app to determine whether a given keystore
key is in secure hardware, but these APIs could be unreliable if the operating
system has been compromised. Key attestation provides a way for a device’s
secure hardware to verify that an asymmetric key is in secure hardware,
protected against compromise of the Android OS.

History of Keystore

Keystore was originally introduced in Android 4.0 and keys were encrypted with
the user’s passcode. In Android 4.1 the infrastructure to use device secure
hardware was added.

Up until Android 6.0, Keystore supported RSA and ECDSA. In Android 6.0, Keystore
was significantly enhanced, adding support for AES and HMAC. Also, other crucial
elements of cryptographic operations, such as RSA padding[1] and AES block chaining[2] modes, were moved into secure hardware.

In Android 6.0, Keystore also gained the ability to restrict the ways in which a
particular key could be used. The most obviously useful restriction that can be
applied is user authentication binding. This allows a key’s usage to be
“bound” to the user’s passcode—their PIN, pattern, or password—or fingerprint.
For passcode authentication binding, the app developer can specify a timeout in
seconds. If more than the specified time has elapsed since the user last entered
their passcode, the secure hardware refuses any requests to use the key.
Fingerprint-bound keys require a new user authentication each time the key is

Other, more technical, restrictions can be applied to Android 6.0+ keys as well.
In particular, at point of key creation or import, it is necessary to specify
the cryptographic purposes (encrypt, decrypt, sign, or verify) for which the key
may be used, as well as padding and block modes, digests, source of entropy for
initialization vectors or nonces, and other details of the cryptographic
operation. Because the specified information is permanently and
cryptographically bound to the key material, Keystore won’t allow the key to be
used in any other way. Therefore, an attacker who gains control of the app or
the system can’t misuse the key. To help prevent attacks, developers should
specify the narrowest possible range of uses for a given key.

One of the most important changes to Android Keystore was introduced in Android
7.0. New devices that launch with Android 7.0+ with a secure lock screen must
have secure hardware and support hardware-based passcode authentication and
keystore keys. Prior to Android 7.0, secure hardware support was widespread, but
over the next few years it will become universal.

In Android 8.0, key attestation was made mandatory for all new devices that ship
with Google Play installed.

Why use key attestation?

Suppose you’re developing an app to provide a bank’s customers with access to
their bank balance, transaction history, and bill pay system. Security is
important; you don’t want anyone who picks up the user’s phone to have access to
their bank account. One approach would be to use the user’s web site
password. But that’s often inconvenient for the user because web sites often
demand long, complex passwords, which are inconvenient on a small touchscreen.

With Android Keystore, you can generate an asymmetric authentication key, such
as a 256-bit ECDSA key, and have each user sign in with their complex web
password once, then register the public key in the bank’s customer account
database. Each time they open the app, you can execute a challenge-response
authentication protocol using that ECDSA key. Further, if you make the key
authentication-bound, the user can authenticate with their lock screen passcode
or fingerprint each time they open the app. That allows them to use the simpler
and more convenient authentication mechanism on their phone.

If an attacker compromises Android and attempts to extract the key, they
shouldn’t be able to because the key is in secure hardware.

As an app developer, key attestation allows you to verify on your server that
the ECDSA key your app requested actually lives in secure hardware. Note that
there’s little point in using the attestation in your app itself; if the Android
OS is uncompromised and trustworthy, then you can just use the KeyInfo
class introduced in 6.0 to discover whether the key is in secure hardware. If it
is compromised, then that API and any attempt you make to validate the
attestation on device are both unreliable.
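
As an added illustration (not code from the original post or from the Android project), the server-side check described above could look like this in Go. It assumes the app uploaded its attestation certificate chain after being handed a server-issued challenge, and that the caller supplies a pool of pinned attestation roots; the function names are hypothetical, and revocation checking is out of scope here.

```go
package main

import (
	"bytes"
	"crypto/x509"
	"encoding/asn1"
	"errors"
)

var attestationOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 1, 17} // Android key attestation extension

// Leading KeyDescription fields; asn1 ignores the trailing uniqueId and authorization lists.
type keyDescription struct {
	AttestationVersion       int
	AttestationSecurityLevel asn1.Enumerated // 0 software, 1 TEE, 2 StrongBox
	KeymasterVersion         int
	KeymasterSecurityLevel   asn1.Enumerated
	AttestationChallenge     []byte
}

// checkKeyDescription (hypothetical helper): challenge echoed, both levels hardware-backed.
func checkKeyDescription(ext, challenge []byte) error {
	var kd keyDescription
	if rest, err := asn1.Unmarshal(ext, &kd); err != nil || len(rest) != 0 {
		return errors.New("malformed attestation extension")
	}
	if len(challenge) == 0 || !bytes.Equal(kd.AttestationChallenge, challenge) {
		return errors.New("challenge mismatch")
	}
	if a, k := kd.AttestationSecurityLevel, kd.KeymasterSecurityLevel; a < 1 || a > 2 || k < 1 || k > 2 {
		return errors.New("key is not in secure hardware")
	}
	return nil
}

// CheckAttestation (hypothetical name) validates the chain against pinned roots, then the extension.
func CheckAttestation(leaf *x509.Certificate, inters, roots *x509.CertPool, challenge []byte) error {
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := leaf.Verify(opts); err != nil {
		return err
	}
	for _, e := range leaf.Extensions {
		if e.Id.Equal(attestationOID) {
			return checkKeyDescription(e.Value, challenge)
		}
	}
	return errors.New("no attestation extension")
}

func main() {}
```

Only after this check succeeds should the server register the leaf certificate's public key for the challenge-response sign-in described earlier.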

Note that key attestation is distinct from SafetyNet attestation. They’re the
same concept, but attest to different things and
come from different places. Keystore key attestation affirms that a crypto key
lives in secure hardware and has specific characteristics. SafetyNet attestation
affirms that a device is real (not an emulator) and that it’s running known
software. SafetyNet uses Keystore key attestation under the covers, so if you
want to know about device integrity use that. If you want to confirm that your
key is in secure hardware, use key attestation.

For details and sample code, see the key
attestation training article.


  1. Keystore supports the recommended OAEP and PSS padding modes for RSA encryption and
    signing, respectively, as well as the older PKCS#1 v1.5 modes. 

  2. Keystore supports GCM, CBC and ECB block chaining modes. 

Preparing Today for Tomorrow’s Threats

For the European Union, the U.S., and many countries around the world, October is Cyber Security Awareness Month, a time to broaden awareness and expand the conversation on staying safe and secure online. This time of year presents an opportunity to reflect on the state of cybersecurity – how we’re dealing with today’s challenges and […]

Making Android better for kids and families

We spend a lot of time thinking about how to make Android work for everyone. Whether it’s giving people their choice of device, or helping app developers make their apps more accessible, we think Android is at its best when more people have access to the power of mobile technology. And that includes kids. Kids are the most curious among us, and technology can be an avenue for them to express their creativity and to help them learn—whether they’re doing research for a school report, learning to string together a few chords on a guitar, or just playing their favorite games. At the same time, we want parents and kids to navigate technology together in a way that makes sense for their family.

Today, we’re happy to announce that Family Link, our solution for bringing kids and their parents into the Android ecosystem, is now available to parents in the United States without an invitation. Parents can also create a Google Account for their kid right from Android setup, and then manage their kid’s account and device with Family Link.

This is the next step in our journey, but we’re far from done. We’ve been humbled by the response from those who have already been using Family Link, and want to say thank you. We appreciate the positive pieces of feedback, as well as the many feature requests, and will continue to listen to your feedback as the product evolves.


Getting started with Family Link

When you’re setting up your kid’s Android device (see available devices), Google asks you to create an account. Enter your kid’s birthday, and if they’re under 13, you’ll be asked to provide consent to create the account. Once that’s done, Family Link will automatically be downloaded to your kid’s device, and you can choose the apps and settings that you want for your child. Once your kid’s device is set up, download Family Link on your own device, and you can use it to do things like:

  • Manage the apps your kid can use: Approve or block the apps your kid wants to download from the Google Play Store.

  • Keep an eye on screen time: See how much time your kid spends on their favorite apps with weekly or monthly activity reports, and set daily screen time limits for their device.

  • Set device bedtime: Remotely lock your kid’s device when it’s time to play, study, or sleep.

Family Link can help you set certain digital ground rules that work for your family, whether you’re occasionally checking in on your kid’s device activity, or locking their device every day before dinner time.

If you have questions about setting up an account for your kid or using Family Link, check out our Help Center.

UX Design In A World Of Ever-Changing Screen Sizes: Tips For Staying Ahead Of The Curve

The move to mobile changed UX design at its core, and the move to portable devices of all sizes (and now, shapes) continues to keep designers on their toes, providing key challenges and opportunities. Yet UX designers across the industry are keeping up, and reacting to hardware changes in their own creative ways. Here’s some of their advice to keep up with an ever-changing screen size landscape.