Enhancing Privacy with Android’s Private Compute Services

We initially introduced Android’s Private Compute Core with the Android 12 Beta. Today, we are pleased to announce a new suite of services designed to establish a privacy-preserving connection between the Private Compute Core and the cloud, known as Private Compute Services.

Understanding Private Compute Core

Android’s Private Compute Core is an open-source, secure environment meticulously engineered to operate in isolation from the primary operating system and applications. With each subsequent Android update, we are committed to incorporating more privacy-focused features into the Private Compute Core. Currently, these features include:

  • Live Caption: Utilizing Google’s on-device speech recognition, this feature generates captions for any media content being played.
  • Now Playing: This feature identifies music playing in the vicinity and conveniently displays the song title and artist directly on your device’s lock screen.
  • Smart Reply: Based on the context of your conversations within messaging applications, this feature intelligently suggests relevant responses.

To ensure the privacy of these functionalities, two fundamental principles are upheld:

  1. Maintaining On-Device Data Privacy: Android guarantees that sensitive data processed within the Private Compute Core remains exclusively on your device. This data is not shared with any applications unless initiated by a specific user action. For example, in the case of Smart Reply, the suggested responses are kept hidden from both your keyboard and the messaging application until you explicitly tap to select one.
  2. Privacy-Preserving Cloud Utilization: To enable essential device functionalities such as downloading updated song catalogs or speech-recognition models, it’s necessary for your device to interact with the cloud. This interaction must occur without compromising your personal privacy. This is precisely where private compute services play a crucial role.

Introducing Android’s Private Compute Services

Machine learning-driven features often benefit from model updates to enhance their performance and accuracy. Private compute services are designed to facilitate these updates through a privacy-centric pathway. Android’s architecture inherently restricts direct network access from within the Private Compute Core. Instead, features communicate with private compute services via a defined set of open-source APIs. These services are engineered to remove any identifying information from the data and employ a range of privacy-enhancing technologies, including Federated Learning, Federated Analytics, and Private information retrieval.

To ensure transparency and foster trust, we are committed to publicly releasing the source code for private compute services. This will enable thorough audits by security researchers and external teams, independent of Google. This open approach allows private compute services to undergo the same rigorous security programs that are integral to maintaining the security of the Android platform.

We are enthusiastic about the vast potential of machine learning to power increasingly helpful features within Android. Android’s Private Compute Core, fortified by the new private compute services, empowers users to leverage these advancements while significantly strengthening privacy protections. Android stands as the pioneering open-source mobile OS to incorporate this level of externally verifiable privacy infrastructure. Private compute services are instrumental in enabling the Android OS to continue its innovation in machine learning, all while upholding the highest standards of user privacy and security.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *