The beta version of Android 11, the next version of Google's operating system for mobile devices, comes with lots of security and privacy changes designed to allow the OS to protect users' data from malicious attacks.
On the privacy side, the new Android release will come with one-time permissions, automated permissions reset, and scope storage enforcement.
When it comes to security updates, Android 11 will immediately encrypt the users' data after over-the-air (OTA) updates without requiring user credentials input.
"Every Android release has new privacy and security controls that let you decide how and when data on your device is shared," Google Android Engineering VP Dave Burke said. "Android 11 has even more granular controls for the most sensitive permissions."
Android 11 Beta is already available for development, testing, and feedback, and users with Pixel 2, 3, 3a, or 4 devices can try it right now.
Android's next release is designed to build "upon earlier versions of Android, adding features and updates to keep users secure and increase transparency and control."
For instance, Android 11 will allow users to grant apps temporary permissions to access the device's location, microphone, and camera using one-time permissions.
When the users will next open these apps, they will once again be prompted to give them permission to access data related to location, microphone, or camera.
Android 11 will also automatically reset sensitive permissions of apps that haven't been used by users for a few months. Apps that are expected to mostly work in the background will be provided with the option to request users to disable auto-reset.
"Android 11 discourages requests for permissions that users have chosen to deny," Google adds. "If the user repeatedly taps Deny for a specific permission during your app's lifetime of installation on a device, this action implies 'don't ask again.'"
Android 11 will also change how users can grant apps background location access and will also add one-time location access prompts.
"On Android 11, whenever your app requests access to foreground location, the system permissions dialog includes an option called Only this time," Google explains. "This new option give users more control over when an app can access location information."
Android 11 will also prevent apps from requesting access to background location information via system dialogs but, instead, will required apps to request background location separately via a dedicated settings page.
The next Android release also comes with scoped storage enforcement to better protect app and user data on external storage, changes how apps query and interact with other apps on the same device by encouraging the principle of least privilege, and also changes how foreground services can access microphone and camera data
More information about the privacy changes in the upcoming Android 11 release is detailed in the video embedded below.
Regarding security updates, the users' data will be encrypted right after the device reboots following an OTA update, without requiring them to input their credentials.
"After the device receives an OTA update and restarts, the Credential Encrypted keys that are placed in credential-protected storage are immediately available for File-Based Encryption (FBE) operations," Google says.
"Therefore, your app can perform actions related to file-based encryption before the user enters their PIN, pattern, or password to unlock the device following the restart."
Android 11 will also block access to the users' app usage information until the device is unlocked for the first time after it restarts or the users switch to their accounts.
This means that "neither the system nor any apps can access that data" unless the above two conditions are met. This happens because Android will store "each user's app usage stats in credential encrypted storage," a storage location that becomes available only after the user has unlocked the device.
Android 11 will also use SSL sockets based on Conscrypt's SSL engine by default and the Scudo Hardened Allocator to service heap allocations as a mitigation measure against some types of memory safety violations.