Tech
Android 16 might better protect your data with its Advanced Protection Mode
Rita El Khoury / Android Authority
TL;DR
- Android 16 is preparing to add a new Android Advanced Protection Mode service.
- This service lets users enroll their device into Advanced Protection Mode via Settings.
- Apps can check if you’re enrolled in the service and then apply additional security measures to protect your data.
For many people, their Google account holds a ton of sensitive personal, financial, and medical information. That’s why securing your Google account with a strong password or passkey is crucial, and it’s also why you should be incredibly cautious about what apps and services you install and what permissions you grant them. If you’re particularly worried about hackers getting access to your data and want a bit of extra protection, you can go online and enroll in Google’s Advanced Protection Program, which locks down certain features in the aim of security. Next year’s Android 16 update could take Advanced Protection a bit further by letting apps deploy additional security measures when the mode is enabled.
Google announced its Advanced Protection Program back in 2017 to provide people whose Google accounts have particularly valuable data an extra layer of protection. The program is targeted at users who are at an elevated risk of getting hacked, like IT admins, journalists, activists, business executives, and politicians. If you enroll in the Advanced Protection Program, then you’re forced to use a security key or passkey to sign into your Google account, you’re prevented from downloading files that Google Chrome marks as harmful, and you’re blocked from giving unapproved (by Google) apps access to your Google account data.
Google’s Advanced Protection Program.
In early 2020, Google expanded its Advanced Protection Program to secure Android phones. Advanced Protection not only forces Google Play Protect to stay enabled but also blocks you from installing apps from outside the Google Play Store or other preinstalled app stores. It’ll also warn you about apps on the Play Store that haven’t been approved by Google. While these restrictions go a long way in protecting the average user from installing new malicious apps, more could arguably be done to protect sensitive data in existing apps. That’s what Android 16’s new Advanced Protection Mode seems to be aimed at solving.
While I was browsing the AOSP Gerrit the other day, I came across a patch titled “[AAPM] Introduce new Service for Android Advanced Protection Mode.” While the new code in the patch itself doesn’t reveal any information about what the Android Advanced Protection Mode does, the description of the patch reveals that the service “will be used to enroll devices into a security conscious protection mode, and to allow clients to customise [the] behaviour based on the state of this mode.” A Google engineer elaborated a bit further on what this means in the comments, stating that “the service allows users to enroll into ‘advanced protection’ via Settings, and for apps to check if the user is enrolled, via the ‘AdvancedProtectionManager#isAdvancedProtectionEnabled()
‘ api.”
Essentially, Android 16 is adding a way to enable “advanced protection” in the Settings app. When advanced protection is active, apps can call a new API to see if it’s enabled and then customize their behavior accordingly. It’s up to apps to decide exactly what to do when this is turned on, but I could imagine apps that, say, have some sort of extra screen lock option might enable that when advanced protection is engaged.
As for how I know Google is working on this feature for Android 16 and not one of the upcoming Android 15 QPRs, it’s because of a minor detail in the new code that Google is adding. The new code adds SELinux policy for the new Android Advanced Protection Mode service, but this policy only applies if the “board API” level is set to 202504, which happens to be the vendor API level for next year’s Android 16 release. Plus, the fact that there’s going to be a new API for apps to use means we have to get a bump in the API level (and thus, Android version) since Android 15 has already reached Platform Stability. It’s possible this new API will be limited to system apps in which case Platform Stability wouldn’t matter, but I doubt that’s the case.