For years, Android’s security and privacy teams have been wrestling the world’s most popular mobile operating system to make it more controllable and updatable while still being open source and easy to deploy. And while scams, malware, and rogue apps are still real threats, the debut of Android 13 at Google’s I/O developer’s conference on Wednesday feels less like triage mode and more like a logical iteration. As Charmaine D'Silva, Android’s director of product management puts it, “This is the release where we bring it all together.”
If anything, the big problem for Android security and privacy now is trying to get users, device makers, and developers to understand and be motivated to use a slew of new and recently released protective features. And after setting so many privacy and security initiatives in motion over the past few years, there's a huge amount for the Android team to maintain and try to get right at any given time.
“We will continue to go deeper, and that’s going to be a continued investment, but the challenge as you go deep is you end up fragmenting experiences, you end up actually confusing users unintentionally,” says Krish Vitaldevara, Android senior director of product management. “That’s a very hard problem to solve, and that’s what we’re going to solve with Android 13.”
Google Play Protect now scans about 125 billion apps per day on user devices to assess their behavior and attempt to identify security issues. And Google says that its Messages app now blocks 1.5 billion spam messages per month in an attempt to cut down on phishing and other scams that actually reach users. And after finally introducing end-to-end encryption in Messages last year for one-on-one texting with the long-awaited RCS messaging standard, Google says that later this year it will add end-to-end encryption in beta for group chats as well.
“We feel both excited and hopeful,” Jan Jedrzejowicz, a Messages product manager tells WIRED. “Excited because providing out-of-box and encrypted-by-default group text messaging on Android is a huge upgrade for a large number of people all over the world. Hopeful because cross-platform messaging still uses SMS/MMS, and we really hope we can upgrade that to a more modern and encrypted protocol.”
Android 13 imposes more limitations and user controls for the permissions apps are granted and what data they can access when. For example, the operating system gives developers the option to easily incorporate Google’s “Photo picker” that lets users choose specific photos and videos to share with an app through the conduit of the picker, rather than granting the app access to their full photo library. Google has increasingly leaned on the system access that Android already has to provide specific data to apps, making it more like the bartender who’s mixing drinks than the cashier at the liquor store. Similarly, Android 13 now requires apps to request permission to access audio files, image files, and video files separately as part of an effort to limit access to different storage buckets.