Google: How Android's private computing core protects data

Google has revealed more technical details about how the Private Compute Core (PCC) on Android works and how it processes sensitive user data locally on protected devices.

Introduced in Android 12, PCC is a secure, isolated, and trusted environment in the operating system where data from sensors, GPS, microphone, camera, and screen is stored and processed to provide machine learning capabilities to users.

Examples of these smart features include “Live Caption” which uses the microphone for voice recognition, “Now Playing” which identifies songs, or “Smart Reply” which suggests responses in the Messages app.

How PCC works

Environment and OS-level data processed in this protected “sandbox” can be used to enable smart features on Android devices through the ASI system, but will not be accessible to applications and remote servers, thus protecting user privacy.

Isolation of PCC from all other applications is achieved by using the Android Framework API for all data input and output to PCC and is facilitated by permissions granted during OS installation.

Only operating system updates can modify this permission, so no application or remote server connection can change this.

BleepingComputer asked Google about the impact of PCC on data protection against malware that may have compromised Android devices and received the following comment:

"PCC makes it more difficult for malware to exploit the operating system. PCC ensures that device functions handle data according to best practices, including not storing data longer than necessary, so it inherently reduces the risk of malware."

“That said, PCC is designed specifically for user data privacy, not as additional security protection against malware.”

This data sealing includes Google itself, as all user data processing occurs within the PCC enclave, local to the device.

If the ML function requires the interaction of that data with an external endpoint, Google’s private compute service will enable encrypted exchange.

Private Computing Service (PCS) is a collection of services that provide privacy-preserving links between PCC and the cloud.

As part of Google's ongoing commitment to transparency, PCS was recently open sourced and its source code is available in this GitHub repository.

To improve PCC based on usage statistics, Google said it leverages federated learning and analytics while using private information retrieval to monitor the performance of its machine learning models.

Federated analysis and learning enables Google to train ML models without centralized data collection, running raw data analysis computations locally on user devices.

PCC’s machine learning capabilities remain updatable because the system remains part of the Android operating system, so it can continue to evolve independently.

However, the PCC is not outside the control of the user. For example, if the sensor switches are toggled to "off", they will stop generating and sending data to the operating system (including the PCC).

Additionally, users can limit data sharing with PCC by going to Settings > Google > Use app data for personalization and setting the switch for ML-enabled apps to the Off position.

Android setting to disable ML features​