Android 13 Tries to Make Privacy and Security a No-Brainer

Android 13 Tries to Make Privacy and Security a No-Brainer 1

Android already limited how much access apps had to the clipboard and notified users when an app grabbed something from it. But Android 13 adds another layer by automatically deleting whatever is in your clipboard after a short interval. This way, apps can’t find out old things that you copied, and—bonus—you’re less likely to inadvertently share your coworker’s list of reasons they hate your company with your boss. Android 13 also continues a process of reducing apps’ ability to require location sharing for things like enabling Wi-Fi. 

Android 13 requires new apps to ask permission before they can send you notifications. And the new release expands on a feature from Android 11 that automatically resets an app’s permissions once you haven’t used it for a long time. Since its debut, Google has extended the feature all the way back to devices running Android 6, and the operating system has now automatically reset more than 5 billion permissions, according to the company. This way, a game you don’t play anymore that had permission to access your microphone three years ago can’t still listen in. And Android 13 makes it easier for app developers to remove permissions proactively if they don’t want to retain access for longer than they absolutely need.

Making sure that Android devices around the world can get security updates has been a core hurdle for Google, since Android’s open source ethos allows any manufacturer to deploy its own version of the operating system. To improve the situation, the company has spent years investing in a framework called Google System Updates that breaks down the operating system into components and allows phone makers to directly send updates for the different modules through Google Play. There are now more than 30 of these components, and Android 13 adds ones for Bluetooth and ultra-wideband, the radio tech used at short range for things like radar.

Google is working to reduce common vulnerabilities that can show up in software by rewriting some crucial parts of the Android code base in more secure programming languages like Rust and creating defaults that nudge developers in a more secure direction with their own apps. The company has also worked to make its application programming interfaces more secure and has started offering a new service called Google Play SDK Index that provides some transparency into widely used software development kits, so developers can be more informed before they incorporate these third-party modules into their apps.

Similar to Apple’s iOS Privacy Labels, Android recently added a “Data Safety” field in Google Play to give users a sort of nutrition-fact label explaining how apps say they will handle your data. In practice, though, these types of disclosures aren’t always reliable, so Google is offering developers the option to have a third party independently validate their claims against an established mobile security standard. The process is still voluntary, though.

“We provide all these tools to developers to make their apps safer, but it’s important that they can actually prove that out and validate it through an independent third party, a set of labs testing against an established standard,” says Eugene Liderman, director of Android Security Strategy.

Android and Apple’s iOS have both been moving toward offering the ability to store government-issued identification. In Android 13, Google Wallet can now store such digital IDs and driver’s licenses, and Google says it’s working with both individual states in the United States and governments globally to add support this year.

With so much to focus on and refine, Android 13 attempts to take a sprawling situation and rein it in rather than letting it spin out of control. And Android’s D’Silva says there’s one release coming later this year that she’s particularly looking forward to: a sort of safety center within Settings that will centralize privacy and security options in one location for users. An acknowledgment, perhaps, that it’s all become too much for the average user to keep track of on their own.