After a few years of expanding privacy and security tools, the Android team is in refinement mode. Then again, when an operating system runs on more than 3 billion devices, little changes can have a big impact. And a slew of new features in Android 12 not only give you more insight into what your apps are up to, they also offer more granular options for how to limit what data those apps can access.
Android 12 is already available in beta and will formally launch in a few months. At Google's IO developer conference today, though, the company is showcasing little tweaks and bigger features that help you understand what goes on behind the scenes—and provide more opportunities to catch unwanted behavior from apps. Some of these additions are similar to features already available in Apple's iOS. But others move the privacy ball forward in new ways.
“With this release we want to keep narrowing down the scope of what data apps get," says Android group product manager Charmaine D'Silva. "It’s taken some time to get it right, but the main focus of this release is giving a deeper level of transparency to users.”
Android 12 includes a “Privacy Dashboard” where you can see which apps used potentially sensitive permissions in the past 24 hours. The dashboard breaks down app activity by category— like “Location,” “Camera,” and “Microphone”—and then shows you which apps accessed those mechanisms. Google will also be asking developers to provide additional information on what they were using the access for at that particular moment. And you can adjust or revoke app permissions through the dashboard. It gives more insight than you might be used to into how apps work in the background, especially because it includes not only that an app accessed, say, location data or your microphone, but when and for how long.
“We give permissions to apps so they can do awesome things; it's not at all unusual to see entries on the dashboard,” D'Silva says. “But is anything on the list surprising? Maybe you gave an app access awhile ago and don’t remember why exactly. We wanted to give users a complete picture.”
Android 12 also introduces a green indicator light in the top right corner of any screen that goes on if your smartphone's microphone or camera are in use. Apple's iOS 14 added a similar feature last year. In Android, though, you can pull down on the light to see more details about which app is using the mic or camera and why, and there's easy access from there to revoke permission if you want to.
Google is also adding two controls in Android's “Quick Settings” to completely turn off camera access or microphone access for all apps. Pressing one or both of the buttons is the software equivalent of putting a sticker over your webcam. It doesn't revoke permissions to an app; it simply kills the feed from the sensor. Most importantly, the operating system itself runs the camera and microphone off switches, which means apps don't know when they're enabled. They just see blank feeds coming from the mic and camera if they try to access them. Otherwise, malicious apps could take note of when your camera and microphone are off, and look for other ways to track potentially sensitive activity.
When it comes to sharing permission information with apps, Android already offers the option to share location data as a one-off, rather than committing to share it anytime an app wants. D'Silva says the option to do these one-time data shares has been popular with users. Android 12 takes things a step farther by adding the ability to share only an approximate position with an app. This way you don't need to tell a weather app where you live or work in order to get the forecast in your neighborhood. Apple's mobile operating system debuted a similar feature last year in iOS 14. As with sharing your precise location, Android 12 provides three options for sharing your approximate device location with apps: “While using the app,” “Only this time,” or “Don't allow.”
The Android team is continuing to roll out its “permission auto-reset” program, first announced for Android 11. The idea is to reset permissions on apps you haven't used for an extended period of time, so they don't hold on to access they don't need. If you want to reinstate their permissions later, you always can. In the last few weeks alone, D'Silva says that 8.5 million app permissions have reset.
Android 12 is also expanding on this idea with a new feature called “App Hibernation.” In addition to removing permissions from apps you haven't used in a long time, this extra step will fully stop apps from running in the background, remove all the temporary and optimization files an app is storing on your device, and remove the app's ability to send notifications. If you tap on a hibernating app, it will come back to life and reestablish its presence as you use it. But the app's permissions aren't automatically reinstated. Hibernation is simply a way to keep apps around on your phone without letting them lurk unchecked.
To allow more apps to deploy local machine learning features like Android's Live Caption accessibility function, Now Playing music identification tool, and Smart Reply for chat, Android 12 includes in a new feature called Private Compute Core. The idea is to establish an isolated environment, or a sandbox, in which AI systems can run without direct network access and completely separated from other operating system functions. Only a set group of application programming interfaces can interact with the Private Compute Core. While separating these systems in software doesn't guarantee perfect security, it makes it much harder for a rogue app or malware to gain remote access to local machine learning features or the personal data powering them. And D'Silva emphasizes that Private Compute Core is fully open source, so developers can vet the setup for flaws.
Android has come a long way in enhancing its security features and building out privacy controls for users, including with its Android 12 innovations. But as Apple continues to crack down on ad-tracking in an iOS 14 feature, the bar is higher than ever—and in ways that increasingly complicate Google's balance between the privacy its users deserve and the targeted advertising that drives its business.