PE for Android

New Private Data Service APIs for App Developers

PE for Android supports a new way for apps to access sensitive data types such as location, contacts, and SMSs. Through the Private Data Service and Privacy Abstraction Layer, apps may ask for sensitive data to be transformed and returned to the app in lieu of requesting access directly to the underlying information. This enables (for example) a weather app that only receives the phones current zip code, or a messaging application that receives a contact's name when a phone number is given.

Portions of this diagram are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 3.0 Attribution License. https://source.android.com/setup/

Private Data Transformations

Key components of the PE for Android system are new class of trusted modules, dubbed μPALs, that integrate with the Privacy Abstraction Layer. These μPALs are responsible for performing the data transformation requested by apps. PE for Android exposes a new set of APIs to allow developers and researchers alike to create μPAL modules of their own that, once proven, may later be integrated into the core Android OS.

User Privacy Insight and Control

PE for Android provides new APIs to develop Privacy Policy Managers that give more introspection and control over private data accesses within the phone. With each request to install an app, access private data, or request private data transformations via μPALs, the active Policy Manager is queried for a decision whether to allow or deny the request. To aide in these decisions, additional contextual information is supplied to help make a more nuanced decision from the Policy Manager than the current permission mechanisms of Android allow.