Android 11 – Privacy and Security News Opinion Arran Kirkup March 4, 2020 5 Minutes Read Google have progressively added more ways to keep users secure and increase transparency and control over the last few years. These changes have been popular with users – for example in Android 10 Google added the “While app is in use” permission option to give users more granular control over their location and limit background location access. So far, when given the “While app is in use” option, about half of users select it. In Android 11 they’re continuing their focus on user privacy with new permission options, updates to scoped storage, and more. Please give these features a try with your apps right away and let us know what you think.Privacy One-time permission – For the most sensitive types of data – not just location but also for the device microphone and camera – users can now grant temporary access through a one-time permission. This permission means that apps can access the data until the user moves away from the app, and they must then request permission again for the next access. More information here. Scoped storage – they’ve continued their work to better protect app and user data on external storage, and made further improvements to help developers migrate more easily. This preview release includes several enhancements, such as opt-in raw file path access for media, updated DocumentsUI, and batch edit operations in MediaStore. Along with these technical changes, based on your input, Google are also giving you more time to make the migration and the changes will apply to your apps when they target Android 11. Read more here and watch for more enhancements in subsequent updates. They are also updating Google Play Policy to ensure that apps only request location permissions when truly necessary. Read more Security Google have been attempting to raise the bar in regards to security with each version of Android — from reaching more devices with monthly security updates to building more protections into the latest platform. In Android 11, they’ve extended Android’s defense-in-depth strategies to more areas of the platform and added new features and APIs for apps. Biometrics – They’ve expanded their biometrics support to meet the needs of a wider range of devices. BiometricPrompt now supports three authenticator types with different levels of granularity — strong, weak, and device credential. BiometricPrompt has been decoupled from the app’s Activity lifecycle to make it easier to integrate with various app architectures and to improve the transaction UI. All apps using biometric auth should move to the BiometricPrompt APIs, which are also available in AndroidX for compatibility with earlier versions of Android. Platform hardening – Google have expanded the use of compiler-based sanitizers in security-critical components, including BoundSan, IntSan, CFI, and Shadow-Call Stack. They’ve also enabled heap pointer tagging for apps targeting Android 11 or higher, to help apps catch memory issues in production. These hardening improvements may surface more repeatable/reproducible app crashes in your code, so please test your apps. They’ve used HWAsan to find and fix many memory errors in the system, and now offer HWAsan-enabled system images to help you find such issues in your apps. Secure storage and sharing of data – Apps can now share data blobs easily and more safely with other apps through a BlobstoreManager. The Blob store is ideal for use-cases like sharing ML models among multiple apps for the same user. Identity credentials – Android 11 adds platform support for secure storage and retrieval of verifiable identification documents, such as ISO 18013-5 compliant Mobile Driving Licenses Android historically has been under the shadow of Apple when is comes to security. With a more open and accessible eco-system they have always struggled and with the current pressure for greater security they have had to change. Through the last few iterations of Android has made strides to catch apple up and they are implementing plenty to alleviate all of their users concerns. Next time i’ll be looking into some of the other features and changes we are still yet to talk about in this developer release.