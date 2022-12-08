Google introduced several new privacy and security settings with Android 12, including new toggles to enable/disable the camera and microphone, indicators to show when the camera and microphone were in use, a new privacy dashboard, and more. Although the company provided detailed explanations for these features, it only offered a brief overview of Android's new Private Compute Core.

At its I/O developer conference last year, Google revealed that the Private Compute Core was a secure partition for processing sensitive user data on-device, similar to ones used for passwords and biometric data. The company added that it would be used for several AI-driven features, like Live Caption, Now Playing, and Smart Reply, but it didn't detail how it all worked. This led us to speculate that it uses an Android VM dubbed "microdroid" until a Googler shared some insight late last year and revealed that the Private Compute Core was not related to running virtual machines.Google has now finally offered an official explanation, revealing exactly what Android's Private Compute Core does and how it works.

In a new blog post, Google explains that the Private Compute Core (PCC) "is a secure, isolated data processing environment inside of the Android operating system that gives you control of the data inside, such as deciding if, how, and when it is shared with others. This way, PCC can enable features like Live Translate without sharing continuous sensing data with service providers, including Google. PCC is part of Protected Computing, a toolkit of technologies that transforms how, when, and where data is processed to technically ensure its privacy and safety."

How Android's Private Compute Core works

Android's Private Compute Core essentially keeps sensitive data for features like Live Translate, Now Playing, and Smart Reply confidential from other subsystems. To do so, Google utilizes techniques like Interprocess Communications (IPC) binds and isolated processes. These techniques are included in the Android Open Source Project and can be controlled by publicly available surfaces like Android framework APIs.

Android Private Compute Core architecture overview

Since Google continually updates its AI features, it also needs to keep the machine learning models that run within the PCC up to date. To do so without compromising sensitive data, Google leverages federated learning and analytics and monitors network calls to improve the performance of the models using Private Compute Services. Private compute Services provides a privacy-preserving bridge between the Private Compute Core and the cloud, making it possible for Google to deliver updated AI models and other updates to sandboxed machine learning features over a secure path. Communication between sandboxed features and Private Compute Services happens over open-source APIs that remove identifying information from data.

For further transparency, Google has published a technical whitepaper detailing the data protections in place to keep PCC data confidential, its processes and mechanisms, and diagrams of the privacy structures for continuous sensing features. Additionally, the company recently open-sourced Private Computing Services, allowing the Android community to independently inspect the code that controls data management and egress policies.