Android 17 Second Beta Expands Privacy Controls for Contacts and Local Networks

Post Views: 12

Android 17 Beta 2 Released with Enhanced User Data Protection

Google has released the second beta of Android 17, which introduces significant updates to the platform’s behavior and new APIs aimed at enhancing user data protection. A key focus area is the safeguarding of sensitive contact and local network data.

Contacts Picker and Enhanced Data Protection

To limit contact data exposure, Android 17 introduces a system-level Contacts Picker that grants apps temporary access only to the contact information a user selects. This feature works across both personal and work profiles on the device, providing an additional layer of protection. The Contacts Picker ensures that apps can only access the specific contact data a user intends to share, reducing the risk of unauthorized data collection.

EyeDropper API for Secure Screen Content Access

Another new feature is the EyeDropper API, which enables apps to select a color from any pixel on the screen without requiring screen capture permissions. This API provides a more secure alternative for apps that need to access screen content.

ACCESS_LOCAL_NETWORK Permission and Local Network Data Protection

Android 17 also introduces a new runtime permission, ACCESS_LOCAL_NETWORK, which governs access to devices and services on a local area network (LAN). Apps must declare and request this permission to discover or connect with local devices, such as smart home products or casting receivers. This change restricts background access to local network data and reduces the risk of tracking or unauthorized data collection.

“Apps targeting Android 17 or higher will now have two paths to maintain communication with LAN devices: adopt system-mediated device pickers to skip the permission prompt, or explicitly request this new permission at runtime to maintain local network communication.” – Matthew McCullough, VP of Product Management for Android Developer

SMS Verification Code Safeguards and OTP Handling

In addition to these updates, Android 17 expands safeguards for SMS verification codes by delaying programmatic access to one-time password (OTP) messages for most apps by three hours. This limits the ability of apps to intercept verification codes. Default SMS apps and approved companion apps are exempt from this restriction. Developers are encouraged to use SMS Retriever or SMS User Consent APIs for OTP handling.

Updated Permission Requirements for Apps

Apps targeting API level 37 or higher must follow these updated permission requirements, which give users more control over how apps access personal and network data. By introducing these new features and APIs, Android 17 aims to provide a more secure and private experience for users.