When installing a new app, you have to click "accept" to give the program access to your location, camera and microphone. That unlocks a lot of potential in your apps, but it also opens up the question of when exactly those apps are collecting your data.
Until now, it's been hard to know the answer on phones use the Android operating system, made by Google.
On Thursday, Google told developers that things would be different with. At its I/O event, Android Security product manager Xiaowen Xin told app developers in the audience, "You will no longer be able to access the camera, microphone or other sensors while your app is running in the background."
It was one of a handful of privacy and security updates to Android P that Google announced on day three of its developer conference. On the main stage at the Shoreline Amphitheater, Xin and Android head of cybersecurity Dave Kleidermacher laid out updates to the open-source operating system that as of 2017 ran 84 percent of all smartphones in the world. The security updates aim to lock down your information in a variety of situations, including when you lose control of your phone and when you're storing or sending highly sensitive information.
The updates come after Kleidermacher, the most prominent of which is Apple's iOS software for iPhones and iPads. It's a bold statement for a company that for years has struggled to keep Android phones updated with critical patches that fix security holes and that's endured a seemingly endless game of whack-a-mole to keep malicious apps out of its Play Store.
The new limits on what apps can access when you're not actively using them comes after years of reports that apps use sensors in ways you might not expect. Certain apps became notorious for their abuse of their access to your camera, microphone and other sources of data.
Flashlight apps are one of the best-known offenders, with the US Federal Trade Commission cracking down on one app that it said deceived users about the data it was collecting. (Thankfully, phones running Android or iOS both come with built-in flashlights now.)
Also on the docket for Android P is a special interface that developers can use secure extra sensitive information, making sure only specific apps can access it. Think data about your health and money. The tool uses beefed-up encryption to cloak the data, so attackers can't alter it and create havoc.
Google is partnering with several companies to put this to use, including Bigfoot Biomedical for its insulin pump app and the Royal Bank of Canada for a banking app, Kleidermacher said.
Another feature, called Strongbox, locks away code that authenticates your identity in a segregated part of your device's chip. That protects it from hackers who might have deep access to your phone.
The Strongbox feature will only be available with some new phones that go out to customers with Android P already running. That's because the chips in the phones have to be designed to work with the program.
Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.
Blockchain Decoded: CNET looks at the tech powering bitcoin -- and soon, too, a myriad of services that will change your life.