Google Debuts New Private Features to Improve Security

Google announced on September 9, 2021 that it was introducing new features to Android Private Compute Core, a secure environment for the Android operating system (OS). Suzanne Frey, VP, Product, Android & Play Security and Privacy, said in her blog post that these features will “provide a privacy-preserving bridge between Private Compute Core and the cloud.”

Android Private Compute Core is an open source environment that’s isolated from the rest of the Android OS and its applications. It’s currently in the beta stages of development, so Google is regularly adding privacy-preserving features to it. These latest additions include Live Caption, Now Playing and Smart Reply.

Live Caption uses Google’s on-device speech recognition to add captions to any media. Now Playing displays the song title and artist name to the user’s lock screen for music when it recognizes playing nearby. Smart Reply suggests responses to conversation the user is having in messaging apps.

Google will implement these features with each Android release. They aren’t privacy-based in themselves, but they’ll contribute towards the process of completely sandboxing Android. This architecture enforces security between the apps and OS the process level by using facilities like user and group IDs, which Android assigns to apps. These features also use machine learning (ML) to keep the data they gather private, provided users enable them. The types of data they protect include the context of conversation, environmental noise detection and speech records.



The latest additions to Private Compute Core are part of Google’s overall strategy for improving Android’s security, which the tech giant initially disclosed in February 2021. Google is particularly focused on memory problems like buffer overflows and data corruption, since the majority of Android’s identified vulnerabilities are related to this area. The firm is also improving application security by encouraging programmers to use languages like Java and Rust, which are fundamentally more secure than C and C++.


Private Compute Services

Android prevents the ML features of Private Compute Core from directly accessing any networks, so Private Compute Services uses a private path to obtain updates for its features. These features use a small set of open-source APIs to communicate with external sites. The APIs remove identifying information from the messages that Private Compute Core sends. These privacy technologies include Federated Analytics, Federated Learning and private information retrieval.

Google plans to publicly publish Private Compute Services’ source code, allowing security researchers and other parties outside of Google to audit it. This action will subject Private Compute Services to the same level of scrutiny as the Android platform itself.


Privacy Requirements

The features in Private Compute Core keep information on the user’s device private, meaning it doesn’t share the information it processes with any apps unless the user specifically authorizes it. For example, the OS keeps message replies hidden from both the keyboard and the app the user is entering the reply into until the user taps a Smart Reply. Private Compute Core also lets the mobile device access the internet without compromising the user’s privacy when downloading speech-recognition models or new song catalogs.

Android is the first open-source OS for mobile devices that provides externally verifiable privacy. The use of ML to power features in Private Compute Core provides multiple benefits, especially in data security and user privacy.

Android flickr photo by leolambertini shared under a Creative Commons (BY-ND) license