In a boost to user privacy, commit notes for Android P indicate that apps idling in the background won't be allowed to access the camera or microphone.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Android P, the upcoming iteration of Google's mobile OS, is adding built-in features to protect users from apps spying on them using the camera or microphone: Idle apps will have access revoked automatically.
- Malware capable of covertly recording audio, video, and taking photos is reality, making this change to Android an essential one for user privacy and security.
The commit notes for both the camera and microphone changes note that they will affect apps idle for "more than a certain amount of time" without specifying what that is. Users who talk on the phone while using other apps won't have to worry, for example, because the dialer app went into the background while active.
XDA Developers says the point at which an app is considered idle is controlled by the Doze state, a feature added to Android Nougat to improve device battery life. An app in a Doze state has its access to the CPU and network restricted, and this newest feature will also kill a dozing app's access to the camera and microphone.
A more secure Android
The way that Android restricts access to the camera and microphone for idle apps in Android P is slightly different, though both are controlled by Android monitoring app user IDs (UIDs), which are assigned when an app is installed and are permanent until an app is uninstalled.
UIDs that request access to the camera while in the background and idle will generate an error and lose access to the camera.
Microphone-using apps, on the other hand, won't actually be cut off from the microphone, but will "report empty data (all zeros in the byte array) and once the process goes in an active state we report the real mic data." The Android commit notes for the change say that method avoids a race between apps being notified about their lifecycle and the system being notified about the state of a particular UID.
SEE: Mobile device computing policy (Tech Pro Research)
Regardless of how they're implemented, both changes are sure to alleviate spying fears for Android users. Android malware capable of capturing video, images, and audio isn't theoretical—it already exists in the form of Skygofree and Lipizzan, and speculation is rife that advertisers use similar tactics to listen in on app users.
Android P, which is still without a release date (or even a name), will hopefully help users trust their devices a bit more. Carrying a potentially active microphone or camera around at all times can make even the most trustworthy person paranoid. Luckily, Google seems to understand that and is taking action to make its user base more comfortable.
- Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)
- Android security: This newly discovered snooping tool has remarkable spying abilities (ZDNet)
- Google Home Mini spied on user 'thousands of times a day,' sent recordings to Google (TechRepublic)
- Android app stores flooded with 1,000 spyware apps (ZDNet)
- Are third-party macOS apps spying on you? (TechRepublic)