Android’s Private Compute Core provides a secure, isolated environment on the device, safeguarding sensitive user data while enabling advanced features. To extend the capabilities of this core to the cloud without compromising privacy, Google developed the Private Compute Services app. This suite of services acts as a privacy-preserving intermediary, allowing Private Compute Core to interact with cloud resources securely and privately.
Since Android 11, direct communication between Private Compute Core components and other apps has been restricted, reinforcing on-device privacy. Android 12 further strengthens these protections by preventing direct network access from within Private Compute Core. Instead, features within the core utilize Private Compute Services through a defined set of APIs. This ensures that no personally identifiable information escapes the device without undergoing rigorous privacy measures. These measures include federated learning, federated analytics, and private information retrieval, all designed to maximize data utility while minimizing privacy risks. You can delve deeper into the architecture and motivation behind these services in Google’s official blog post.
Key APIs in Private Compute Services
Private Compute Services offers several crucial APIs that facilitate privacy-centric cloud interactions:
- Private Information Retrieval (PIR): This API empowers devices to download specific portions of a dataset from a server without revealing to the server which data slices were accessed. This is essential for maintaining user privacy when retrieving information from the cloud.
- Federated Compute: This API enables privacy-preserving machine learning and data analysis across numerous devices. It aggregates insights from distributed data without requiring raw data to leave individual devices, upholding user privacy in collaborative computations.
- HTTP Download: This API provides secure, private downloads of static resources such as updated machine learning models, which is essential for keeping on-device features current.
- Protected Download: Extending download security, this API incorporates a binary transparency log-based verification process. This ensures that downloaded resources are authentic and officially provided by Google, adding a layer of security and trust to resource acquisition. More details on Protected Download can be found in the project’s README file.
Open Source Dependencies
The Private Compute Services app leverages several open-source repositories, ensuring transparency and community contribution. While some dependencies remain closed-source for proprietary reasons, all API definitions are publicly available within the open-sourced components. This commitment to open-source principles underscores the project’s dedication to transparency and collaborative development in privacy-preserving technologies.