Apple users: count down the days remaining for you to laud it over your Android brethren. On February 19, Google revealed its first developer preview for its upcoming operating system (OS), Android 11. At this stage, Android 11 probably isn’t for you. The OS is at a very early stage and is designed for devs to get up to speed with how it works so that apps can be migrated smoothly to the new Android system upon its official release, which is likely to much later this year.
However, the update includes a raft of new privacy and security features, many of which will seem similar to anyone using Apple’s iPhone. One of the key developments is “scoped storage”, which throttles the ability for apps to pull data from your phone that isn’t necessary or to access the microphone and camera without any restrictions. There are also changes behind the scenes that will protect more user information.
The Android 11 announcement from Google also includes a range of other new features: the phone’s messaging system will look a lot like Facebook Messenger, with bubbles floating on the screen, and it will be easier for developers to add dark mode to the apps. However, as Android 11 is at search an early stage, it’s likely the biggest changes are still to be revealed. What Google has announced at the moment are some of the most technical elements of the next version of Android. They’ll improve privacy but take the most work for developers to implement.
“Android has long been the poor cousin to iOS when it comes to security,” says Victoria Baines, visiting research fellow at Oxford University’s Internet Institute. “Anything Google can do to restore confidence among consumers, developers and the security community is a good move.”
The changes are significant. Among the alterations Google is making to Android is a change to permissions: in earlier versions of the operating system, apps were given blanket, permanent permission to access contacts, the microphone or the camera upon installation.
That has slowly changed, with the current version of Android (version 10) allowing location access only if the app is open and visible. Android 11 will extend that one-time “permission if active” agreement to other features, meaning users can allow an app access to its camera upon opening, then once the app is closed requiring the app to get permission again. That’s an important step, says Baines. “Default opt-in, perpetual permissions no longer fly with many consumers. Temporary, ‘one time’ permissions empower users to make more granular choices.”
It’ll also have another effect, reckons Eerke Boiten, professor of cybersecurity at DeMontfort University. “It will disarm or disable, depending on what you believe, some of the ‘ads in response to overheard discussion’ stories,” he says. For years, incorrect rumours have swirled that Facebook and others have used smartphone microphones to collect data on users. These rumours haven’t been helped by a Facebook bug that turned on iPhone cameras in the background.
A similar shift is in the same vein: scoped storage limits an app’s ability to access your files without restrictions. It was initially planned to be integrated into Android 10, but was rolled back after developers complained it was poorly implemented. Reworked and improved, it’s now back, and carries on the concept of ensuring third-party apps have the least amount of access needed in order to limit the risk of data leakage or theft. Apple’s iOS has limited what data apps can access outside of their own code more regularly.
Such developments are a welcome change to Android, reckons Alan Woodward, professor of cybersecurity at the University of Surrey. “It’s always a good idea to keep checking that apps require the access they’ve been given: you never know when some malicious app might piggy back on another’s privileges.”
Keeping other data on your phone safe is another priority Android is tackling in its changes to Android 11. A feature first announced at Google’s I/O conference last year that would allow people to securely store identification documents, like passports or driving licences, is being introduced in the new operating system. The new IdentityCredential API is a significant change, believes Boiten. “Google is aiming to own a broader slice of the online authentication and verification story. This may have interesting consequences in contexts where governments seek to require age verification or universal identification systems,” he says. However, he’d like reassurance that this level of security isn’t just protected against thieves being able to access e-passports or police breaking into your phone to identify you, but also Google itself.
That’s a worry Baines also has. While Google including identification recognition in its operating system is welcomed, because it builds trust in the promise of e-identities in the future, it does suggest that “Google is looking to actively shape the future of identity and authentication – and ensure that Android devices have a key role in identifying us officially in the years to come.”
Many of these features are well-known to iPhone users, of course. But Woodward disagrees that this is Android directly copying Apple in its smartphone security. “I think it’s more a case of everyone recognising what is best practice and some OS developers getting there sooner than others – convergent evolution, perhaps,” he says.
Yet while these features are being introduced at an operating system level, the Android market is so fragmented that just because the newest version of Android is updated, it doesn’t mean that security vulnerabilities will be patched. The vast majority of Android phone users aren’t running the most modern operating system. More than one in 20 people who own an Android phone worldwide are running an operating system released in November 2014.
The range of Android users is much broader, too – so don’t expect every single feature to be introduced by apps, just because it can. “I suspect we’ll see Android built to make use of many security features that Apple use but it’ll also need to cater for the lowest common denominator which may delay the introduction by some device vendors,” says Woodward.
More great stories from WIRED
🏙️ A huge Airbnb scam is taking over London
🚙 Thinking of buying an electric car? Read this first
🍅 Why do modern tomatoes taste so bad?
📢 How Slack ruined work