Posted by Sara N-Marandi, Product Manager, Android Platform Product
People want an OS and apps that they can trust with their most personal and sensitive information. Privacy is core to Android’s product principles. As shared in the “What’s new in Android Privacy” session, Android 12 continues to expand on this existing foundation by making the platform even more private.
This release will give users more transparency around the data being accessed by apps while providing simple controls to make informed choices. Android is also investing in reducing the scope of permissions so that apps only have access to the data they need for the features they provide. Let’s look at some of these important changes we’ve made in Android 12 to protect user privacy.
Privacy dashboard: Users often tell us that they want to understand what data apps use. With the new Privacy Dashboard, users will have a simple and clear timeline view of the last 24 hour accesses to location, microphone and camera. You can also share more context about your app’s data usage with a new permission intent API in Android 12. The Privacy dashboard will be available to try in Beta 2.
We encourage all developers to review your code and understand data access needs, including those in third-party SDKs, and make sure all accesses have justifiable use cases. To help with that, in Android 11 we added Data access auditing APIs to make it easy for you to audit your current data access. Use the APIs to untangle mapping of your code by tracking which part of your code accesses private data. The Privacy dashboard will be available to try in Beta 2.
Figure 1. Privacy dashboard and location access timeline in the past 24 hours.
Microphone and camera indicators: In Android 12 we’re adding transparency to microphone and camera access. Going forward, users will know in real time when an app accesses their microphone or camera feeds. By simply going into Quick Settings, users can view the apps accessing their data. If the access is unwarranted, users can quickly navigate to the app permission page to revoke permissions.
Developers should review their use of microphone and camera and proactively remove unexpected access. For example, you should ensure that your app does not access these sensors before the user clicks on a feature that needs access. The Microphone and camera indicators will be available to try in Beta 2.
Figure 2. Microphone and camera indicators and toggles.
Microphone and camera toggles: You may have seen people placing stickers on cameras or plugging audio blockers into their phones. In Android 12, we’re introducing two new controls that allow users to quickly and easily cut off apps’ access to the microphone and camera on the device. To ensure user safety, emergency calls will be exempted.
If an app with permissions attempts to access the microphone or camera but the user has the sensors turned off, the system will display a message to inform the user that they must turn the sensors back on in order to use the app’s features. If your app follows permissions best practices, then you don’t need to do anything different to incorporate the toggle state. The Microphone and camera toggles will be available to try in Beta 2.
Approximate location: Over the last two releases, we’ve made location permission fine grained. First, we separated background and foreground access. Then, we added an “only this time” option to further restrict access to background location. We’re seeing users respond positively to these controls and are choosing them more often. When given the option, users elect to share less through foreground location access about 80% of the time.
In Android 12, we will give users more control over their location data. Users will have a clear choice regarding the precision of location provided to the app by selecting approximate location.
We encourage you to review your use case for location and request ACCESS_COARSE_LOCATION
if your features don’t need the user’s precise location. You should also be prepared for users to reduce location precision. Please make sure your app still works when users select approximate. Approximate location will be available to try in Beta 1.
Figure 3. Location permission request dialog with approximate and precise selection
Clipboard read notification: Content copied to the clipboard can contain sensitive information as users frequently copy emails, addresses, and even passwords. Android 12 notifies users every time an app reads from their clipboard. Users will see a toast at the bottom of the screen each time an app calls <a href="https://developer.android.com/reference/android/content/ClipboardManager#getPrimaryClip%28%29">getPrimaryClip()</a>
. The toast won’t appear if clipboard data originates from the same app. You can minimize access by first checking <a href="https://developer.android.com/reference/android/content/ClipboardManager#getPrimaryClipDescription%28%29">getPrimaryClipDescription()</a>
to learn about the type of data in the clipboard. The recommended best practice is to only access the clipboard when the user understands why the access occured. Clipboard read notification will be available to try in Beta 2.
Nearby device permissions: Android 12 minimizes data access by adding a new runtime permission for nearby experiences that do not use location. Up until now, apps such as watch and headphone companion apps required the location permission to scan for nearby Bluetooth devices for pairing. We heard from users and developers that this was confusing and led to granting the permission to access location data when it wasn’t needed. For apps targeting Android 12, you’ll have the option to decouple nearby device discovery from the fine location permission for use cases like pairing devices by using the new <a href="https://developer.android.com/reference/android/Manifest.permission.html#BLUETOOTH_SCAN"> BLUETOOTH_SCAN</a>
permission and by declaring <a href="https://developer.android.com/reference/android/R.attr.html#usesPermissionFlags">usesPermissionFlags=neverForLocation</a>
. Once the device is paired, apps can use the new <a href="https://developer.android.com/reference/android/Manifest.permission.html#BLUETOOTH_CONNECT">BLUETOOTH_CONNECT</a>
permission to interact with it. Apps that use Bluetooth scanning for location must still have the location permission. Nearby device permissions will be available to try in Beta 1.
App hibernation: Last year we launched permissions auto-reset. If an app isn’t used for an extended period of time, Android automatically revokes permissions for the app. In the last 14 days permissions were reset for 8.5M apps. This year we’re building on permissions auto-reset by intelligently hibernating apps that have gone unused for an extended period – optimizing for device storage, performance and safety. The system not only revokes permissions granted previously by the user, but it also force-stops the app and reclaims memory, storage and other temporary resources. Users can bring apps out of hibernation simply by launching the app. App hibernation will be available to try in Beta 1.
Android 12 is our most ambitious privacy release to date. Along the way, we have engaged closely with our developer community to build a platform that puts privacy at the forefront while taking into consideration the impact on developers. We thank you for your continued feedback and support in making our platform private and safe for everyone. Learn more about these changes on the developer site.