
Android Q Steps Up Location Privacy

Google is making a number of changes to the way that Android handles location permissions for apps, giving people more options for restricting apps' use of location data and raising the permission an app needs before it can scan for Wi-Fi, Bluetooth, and cellular networks, since those scan results can be used to infer location.

The changes are coming in the next version of Google's mobile OS, called Android Q. Although the final version isn't due for release until August, Google pushed out a beta release of Android Q last week, and among the many changes are several modifications to app permissions as they relate to user privacy and location. The biggest difference is the way people can allow or deny a specific app access to location information. In current versions of Android, when an app requests access to location data, the user can only allow or deny that request outright. In Android Q, the user will be able to grant conditional access.

“One thing that's particularly sensitive is apps' access to location while the app is not in use (in the background). Android Q enables users to give apps permission to see their location never, only when the app is in use (running), or all the time (when in the background),” Dave Burke, vice president of engineering at Google, said in a post on the Android Q beta release.

“For example, an app asking for a user's location for food delivery makes sense and the user may want to grant it the ability to do that. But since the app may not need location outside of when it's currently in use, the user may not want to grant that access. Android Q now offers this greater level of control.”

Location data is highly sensitive for many people: it reveals where an individual is now and where they have been. Many apps need access to location services in order to work at all, but others request it for reasons that are far less clear. The change in Android Q lets device owners grant and remove access to location data on a conditional basis, distinguishing foreground use from background tracking, something iOS already offers.
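The three-state grant described above shows up to developers as a separate runtime permission. The following is an added example (not code from the article or from Google) showing how an app would ask for "while in use" access first and then, as a separate step, for "all the time" access, and how it reads back which level the user actually chose. Class and method names, the request codes, and the manifest lines in the comment are assumptions for illustration; the permission constants, `Build.VERSION_CODES.Q`, and the AndroidX helpers are real APIs.

```java
import android.Manifest;
import android.app.Activity;
import android.content.pm.PackageManager;
import android.os.Build;
import androidx.core.app.ActivityCompat;
import androidx.core.content.ContextCompat;

/**
 * Example only (not from the article or from Google): the Android Q
 * three-state location grant. On Q, "all the time" is a distinct runtime
 * permission, ACCESS_BACKGROUND_LOCATION, which the app must also declare
 * in its manifest (assumed declaration):
 *
 *   <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
 *   <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />
 */
public final class LocationAccess {

    /** The user-facing choices in the Android Q permission dialog. */
    public enum Level { NEVER, WHILE_IN_USE, ALL_THE_TIME }

    // Request codes are arbitrary values chosen for this example.
    private static final int REQ_FOREGROUND = 1;
    private static final int REQ_BACKGROUND = 2;

    private LocationAccess() {}

    /** Reports what the user has granted so far. */
    public static Level currentLevel(Activity activity) {
        boolean foreground = ContextCompat.checkSelfPermission(activity,
                Manifest.permission.ACCESS_FINE_LOCATION) == PackageManager.PERMISSION_GRANTED;
        if (!foreground) {
            return Level.NEVER;
        }
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q) {
            // Before Q a foreground grant implicitly covers background use as well.
            return Level.ALL_THE_TIME;
        }
        boolean background = ContextCompat.checkSelfPermission(activity,
                Manifest.permission.ACCESS_BACKGROUND_LOCATION) == PackageManager.PERMISSION_GRANTED;
        return background ? Level.ALL_THE_TIME : Level.WHILE_IN_USE;
    }

    /**
     * Ask for foreground ("while in use") access only. The food-delivery app
     * from Burke's example, which just needs the user's position while the
     * order screen is open, should stop here.
     */
    public static void requestWhileInUse(Activity activity) {
        ActivityCompat.requestPermissions(activity,
                new String[] { Manifest.permission.ACCESS_FINE_LOCATION }, REQ_FOREGROUND);
    }

    /**
     * Ask for background access as a second, separately justified step, and
     * only once the foreground grant is in place. On Q the system dialog
     * then lets the user pick "allow all the time" or "only while in use".
     */
    public static void requestAllTheTime(Activity activity) {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q) {
            return; // nothing extra exists to request on older releases
        }
        if (currentLevel(activity) == Level.NEVER) {
            requestWhileInUse(activity); // foreground first; background alone is meaningless
            return;
        }
        ActivityCompat.requestPermissions(activity,
                new String[] { Manifest.permission.ACCESS_BACKGROUND_LOCATION }, REQ_BACKGROUND);
    }

    /**
     * Call from Activity.onRequestPermissionsResult. If the user answered the
     * background request with "only while in use", the right reaction is to
     * keep working in the foreground and cancel any background geofence or
     * periodic location job, not to re-prompt.
     */
    public static Level onResult(Activity activity, int requestCode) {
        return currentLevel(activity);
    }
}
```

The point of splitting the two requests is that the background permission carries its own justification; an app that asks for both up front gets the same dialog, but users are more likely to choose "only while in use" when they cannot see why the app would need their location while closed.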

Android Q also changes the permission required for an app to scan for Wi-Fi, Bluetooth, and cellular networks. Scan results carry identifiers such as access point BSSIDs and cell IDs that can be looked up in geolocation databases to pin down a device's position, so the platform now treats those APIs as a source of precise location and demands the corresponding permission.

“Most of our APIs for scanning networks already require COARSE location permission, but in Android Q, for Bluetooth, Cellular and Wi-Fi, we're increasing the protection around those APIs by requiring the FINE location permission instead,” Burke said.
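Because the scan APIs return an empty result rather than throwing when the caller lacks the location permission, an app that merely bumps its target SDK to Q can silently start seeing no networks. The following added example (not code from the article or from Google) gates a Wi-Fi scan on the permission the running release actually requires. Class and method names and the manifest lines in the comment are assumptions; `WifiManager.getScanResults`, the permission constants, and `Build.VERSION_CODES.Q` are real APIs.

```java
import android.Manifest;
import android.content.Context;
import android.content.pm.PackageManager;
import android.net.wifi.ScanResult;
import android.net.wifi.WifiManager;
import android.os.Build;
import androidx.core.content.ContextCompat;
import java.util.Collections;
import java.util.List;

/**
 * Example only (not from the article or from Google). Wi-Fi scan results
 * include BSSIDs, which a geolocation database turns into a precise
 * position; that is why Android Q gates them behind ACCESS_FINE_LOCATION.
 * Assumed manifest declarations:
 *
 *   <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
 *   <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
 */
public final class WifiScanner {
    private WifiScanner() {}

    /** The location permission a Wi-Fi scan needs on this device. */
    public static String requiredPermission() {
        return Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                ? Manifest.permission.ACCESS_FINE_LOCATION
                : Manifest.permission.ACCESS_COARSE_LOCATION;
    }

    /** True when the app holds whatever permission the scan API demands here. */
    public static boolean canScan(Context context) {
        return ContextCompat.checkSelfPermission(context, requiredPermission())
                == PackageManager.PERMISSION_GRANTED;
    }

    /**
     * Returns the access points from the most recent scan, or an empty list
     * when the required permission is missing. The explicit check matters:
     * without it the platform also returns an empty list, and the caller
     * cannot tell "no networks nearby" from "not allowed to look".
     * Note that on Q the device-wide Location toggle must also be on for
     * scan results to be delivered.
     */
    public static List<ScanResult> visibleNetworks(Context context) {
        if (!canScan(context)) {
            return Collections.emptyList();
        }
        WifiManager wifi = (WifiManager) context.getApplicationContext()
                .getSystemService(Context.WIFI_SERVICE);
        if (wifi == null) {
            return Collections.emptyList();
        }
        return wifi.getScanResults();
    }
}
```

An app that only needed coarse location before Q should prompt for the finer grant with an explanation tied to the scan feature, since from the user's point of view the app is now asking for more than it used to.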

Google has been emphasizing the privacy and security features of Android of late, and seems to be placing even more importance on those properties in Android Q. Since the early days of the iPhone, Apple has positioned it as the most secure mobile device on the market and has played up the exploit mitigations, attack resistance, and privacy enhancing features of iOS. Apple has a vertically integrated ecosystem that includes its own software, purpose-built hardware, and an app store model that requires owners to get apps from the official App Store.

The Android ecosystem is a much different beast, with many custom versions of the OS, dozens of device manufacturers, and an app model that allows owners to install software from third-party app stores. That model gives owners more freedom and flexibility, but it also comes with security trade-offs: those third-party stores aren't managed by Google, so their apps don't go through Google Play's security review process. That review is a significant hurdle for attackers trying to get malicious apps onto users' devices, so they tend to avoid it if possible.

Another change Google is implementing in Android Q involves the way the OS handles storage for individual apps. "External storage" in Android terms covers the shared /sdcard area, which on most devices is a partition of internal flash, as well as removable cards. Android Q gives each app its own sandbox on that storage, so other apps can no longer read the files it writes there.

“Android Q gives each app an isolated storage sandbox into an external storage device, such as /sdcard. No other app can directly access your app's sandboxed files. Because files are private to your app, you no longer need any permissions to access and save your own files within external storage. This change makes it easier to maintain the privacy of users' files and helps reduce the number of permissions that your app needs,” the Google developer notes for Android Q say.
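In practice this means an app can drop the storage permission for its own files. The following added example (not code from the article or from Google) writes and reads back a file in the app-specific external directory, which needs no permission on Q, and notes in comments why the same directory should still not hold secrets on older releases. Class and method names and the manifest lines in the comment are assumptions; `Context.getExternalFilesDir` and the `android:maxSdkVersion` attribute are real.

```java
import android.content.Context;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

/**
 * Example only (not from the article or from Google). Files written under
 * getExternalFilesDir() live in the app's own sandbox on external storage.
 * On Android Q that sandbox is private to the app and needs no
 * READ/WRITE_EXTERNAL_STORAGE permission. On earlier releases the same
 * directory is readable by any app holding READ_EXTERNAL_STORAGE, so the
 * permission can be limited to those releases in the manifest (assumed):
 *
 *   <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
 *                    android:maxSdkVersion="28" />
 *
 * and genuinely secret data should still go to internal storage
 * (Context.getFilesDir()) on every release.
 */
public final class SandboxedStorage {
    private SandboxedStorage() {}

    /** The app-specific directory on external storage, or an error if not mounted. */
    public static File appDir(Context context) {
        File dir = context.getExternalFilesDir(null);
        if (dir == null) {
            throw new IllegalStateException("external storage is not mounted");
        }
        return dir;
    }

    /** Writes contents to name inside the sandbox and returns the file. */
    public static File save(Context context, String name, String contents) throws IOException {
        File target = new File(appDir(context), name);
        try (FileOutputStream out = new FileOutputStream(target)) {
            out.write(contents.getBytes(StandardCharsets.UTF_8));
        }
        return target;
    }

    /** Reads the named file back from the sandbox. */
    public static String load(Context context, String name) throws IOException {
        File source = new File(appDir(context), name);
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (FileInputStream in = new FileInputStream(source)) {
            byte[] chunk = new byte[4096];
            int n;
            while ((n = in.read(chunk)) != -1) {
                buf.write(chunk, 0, n);
            }
        }
        return new String(buf.toByteArray(), StandardCharsets.UTF_8);
    }
}
```

The sandbox covers the app's own files only; content meant to be shared with other apps, such as photos or downloads, still goes through the platform's shared collections rather than a raw path on /sdcard.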