互联网络

Will the next version of Android get location privacy right?

微信扫一扫,分享到朋友圈

Will the next version of Android get location privacy right?
0

Better late than never, Google has confirmed that improved control over location tracking is one of several new privacy features in the next version of its mobile OS, Android Q, due to appear later this year.

It’s an issue that’s been giving Google some grief in the last year as a series of investigations have revealed the way that Android apps – and even perhaps Google itself – furtively track users’ locations.

Currently, location access can be granted or denied on an app-by-app basis. However, there is nothing to stop an app that has been granted that permission continuing to track users’ locations even when it is not in use.

It’s become so controversial that Facebook even announced that it was unilaterally adding location-tracking control to its Android app to head off public concern about its data-gathering behaviour.

From Android Q onwards, apps will no longer be able to do this by default and will need to request background location access. Writes Google VP of Engineering, Dave Burke:

Android Q enables users to give apps permission to see their location never, only when the app is in use (running), or all the time (when in the background).

Will this put the location-tracking controversy to bed? Apart from the fact that only a small minority of Android devices will get Q (aka Android 10), Google’s playing catchup here: Apple’s iPhone has had the same feature since iOS 11 in 2017 .

But this important change shouldn’t overshadow a range of other privacy and security features being added to the mix with Q.

Device identifiers

Most Android users have probably never heard of Android’s Advertising ID (AAID), an identifier Google launched in 2013 so advertisers could legitimately track users whilst giving the latter the option to reset (i.e. wipe) the ID as often as they pleased.

Unfortunately,a recent analysis found that some advertisers have been bypassing this system by tracking identifiers that can’t be changed such as Android device ID and IMEI number. Android Q wants to restrict this behaviour :

We’re limiting access to non-resettable device identifiers, including device IMEI, serial number, and similar identifiers.

It will also randomise a device’s hardware MAC address when connecting to different Wi-Fi networks – an Android 9 setting that will become the default.

App-scoped storage

Each app will get its own isolated sandboxed storage when using external media such as SD cards, which no other app will be able to access.

Because files are private to your app, you no longer need any permissions to access and save your own files within external storage. This change makes it easier to maintain the privacy of users’ files and helps reduce the number of permissions that your app needs.

TLS 1.3

Of all the minor tweaks, the addition of support for TLS 1.3 is significant. This is the latest incarnation of the protocol used to set up HTTPS between a browser and websites which adds speed and more privacy in the negotiation phase.

A final unfamiliar aspect of Android Q is that users with Google Pixel smartphones can get hold of beta version 1 this week as an over-the-air downloadable system image (no need to root a device or wait for later builds).

We don’t recommend this for anyone other than developers (stability might be an issue) but it’s interesting that Google is allowing the world to see new Android versions this early.

阅读原文...


微信扫一扫,分享到朋友圈

Will the next version of Android get location privacy right?
0

Naked Security

Why CEOs Need A Broader, More Transformative Culture Of Innovation

上一篇

Hunting for weak spots in Java and Python projects is easier than ever with SAP’s Vulnerabi...

下一篇

评论已经被关闭。

插入图片

热门分类

往期推荐

Will the next version of Android get location privacy right?

长按储存图像,分享给朋友