What is PE for Android?

Privacy Enhancements for Android (PE for Android) is a platform for exploring concepts in regulating access to private information on mobile devices. The goal is to create an extensible privacy system that abstracts away the details of various privacy-preserving technologies. PE for Android allows app developers to safely leverage state-of-the-art privacy techniques without knowledge of esoteric underlying technologies. Further, PE for Android helps users to take ownership of their private information by presenting them with more intuitive controls and permission enforcement. The platform was developed as a fork of the Android Open Source Project (AOSP) release for Android 9 “Pie” and can be installed as a Generic System Image (GSI) on a Project Treble-compliant device.

New Private Data Service APIs for App Developers

PE for Android supports a new way for apps to access sensitive data types such as location, contacts, and SMS messages. Through the Private Data Service and Privacy Abstraction Layer, apps may ask for sensitive data to be transformed and returned to the app instead of requesting direct access to the underlying information. This enables, for example, a weather app that only receives the phone's current zip code, or a messaging application that receives a contact's name when a phone number is given.

Portions of this diagram are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 3.0 Attribution License. https://source.android.com/setup/

Private Data Transformations

Key components of the PE for Android system are a new class of trusted modules, dubbed μPALs, that integrate with the Privacy Abstraction Layer. These μPALs are responsible for performing the data transformations requested by apps. PE for Android exposes a new set of APIs to allow developers and researchers alike to create μPAL modules of their own that, once proven, may later be integrated into the core Android OS.

User Privacy Insight and Control

PE for Android provides new APIs to develop Privacy Policy Managers that give more introspection and control over private data accesses within the phone. With each request to install an app, access private data, or request private data transformations via μPALs, the active Policy Manager is queried for a decision on whether to allow or deny the request. To aid in these decisions, additional contextual information is supplied so that the Policy Manager can make a more nuanced decision than Android's current permission mechanisms allow.
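To make the mediation flow from the two sections above concrete, here is a small model of it: an app asks the abstraction layer for a μPAL transformation of sensitive data, the active Policy Manager is consulted with contextual information, and only the transformed result (a zip code, a contact's name) ever reaches the app. This is an added illustration, not PE for Android's real API; the class, function and transformation names, the policy rule, and the sample data are all hypothetical.

```python
from typing import Any, Callable, Dict, Optional, Tuple

# Constructed sample data standing in for the platform's sensitive stores.
# In the model, apps never receive these objects directly.
RAW_LOCATION = {"lat": 40.4433, "lon": -79.9436, "zip": "15213"}
CONTACTS = {"+14125550100": "Alice Example"}
STORES = {"location": RAW_LOCATION, "contacts": CONTACTS}

# Hypothetical uPAL-style transformations: each reduces raw data to the
# minimum the app asked for. The second argument is an app-supplied input.
def location_to_zip(raw: Dict[str, Any], _arg: Any) -> str:
    return raw["zip"]

def phone_to_name(raw: Dict[str, str], number: str) -> Optional[str]:
    return raw.get(number)

TRANSFORMS: Dict[Tuple[str, str], Callable] = {
    ("location", "zip_code"): location_to_zip,
    ("contacts", "name_for_number"): phone_to_name,
}

def default_policy(request: Dict[str, Any]) -> bool:
    """Hypothetical Policy Manager rule: permit only transformed access,
    and only while the requesting app is in the foreground."""
    return request["transform"] is not None and bool(request["context"].get("foreground"))

class PrivacyAbstractionLayer:
    """Toy mediator: every data request is logged and passed to the policy
    before any transformation runs. Raw data stays inside this class."""
    def __init__(self, policy: Callable[[Dict[str, Any]], bool] = default_policy):
        self.policy = policy
        self.audit = []  # (app, data_type, transform, allowed) tuples

    def request(self, app: str, data_type: str, transform: Optional[str],
                arg: Any = None, context: Optional[Dict[str, Any]] = None) -> Any:
        req = {"app": app, "data_type": data_type, "transform": transform,
               "context": context or {}}
        allowed = self.policy(req)          # Policy Manager sees the full context
        self.audit.append((app, data_type, transform, allowed))
        if not allowed or transform is None:
            return None                     # denied, or raw access was requested
        return TRANSFORMS[(data_type, transform)](STORES[data_type], arg)
```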

Additional Reading

  • PE for Android Blog Post
  • PE for Android Whitepaper
  • Developer Documentation

PE for Android Collaborators

Carnegie Mellon University

University of Vermont, UC Berkeley, MIT, and Cornell