Google is responsible for several AI and ML-enabled features that have made their way to Android, like Live Translate and Smart Reply. User data from these two services doesn't make its way to Google thanks to Android's Private Compute Core, but similar services usually rely on cloud-based data models. In fact, a lot of your data is constantly streamed to Google and other service providers to make such features work, as some community-developed utilities revealed recently. To help allay any privacy concerns, Google has released a new technical whitepaper explaining how Android’s Private Compute Core has evolved.

Android 12 packed several cosmetic improvements, but on the privacy and security front, the Private Compute Core (PCC) was one of the biggest upgrades, alongside the new privacy dashboard and the indicators that show when apps and services access your camera and mic. The PCC helps improve the security of on-device machine learning and AI processing tasks by isolating them from other processes and the web. All the sensitive data streams are processed in isolated processes defined as a part of the Android Open Source Project (AOSP) and controlled by public Android APIs.

[Image: Android PCC explained. Source: Google]

You may wonder how machine learning models will actually learn if phones running Android 12 and later prefer using the PCC for on-device processing. Well, Google explains (albeit in very vague terms, through a comic) that decentralized training for the learning models behind these awesome features is the way forward — a simple way to ensure your data never leaves your phone.

On-device machine learning data can only leave the private sandbox via Android's Private Compute Services, which ensure that this data is encrypted and that it's impossible to pull private data from it. The encrypted results from thousands of devices are then aggregated, and only the aggregate can be decrypted. Since these models scope out patterns in the sample data and then learn to identify them, Google ensures no single contributor's data (from any one phone) can be gleaned by limiting how much is shared or adding noise to obscure unique data. The AI/ML model is then sent back to the users in small nuggets with newfound skills, from where more testing data is collected to continue the cycle and retrain the model.
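An added example, not code from Google or its whitepaper, of the aggregation idea described above: each device clips its update, blinds it with pairwise additive masks that cancel only in the sum over all devices, and the server adds noise to the total. The additive masking stands in for the encryption the article mentions, and the constants, function names and sample updates are assumptions made for illustration.

```python
import random
import secrets

MODULUS = 2**32   # masked values live in the integers modulo this
SCALE = 1000      # fixed-point scale for float model updates
CLIP = 1.0        # assumed bound on one device's contribution (L2 norm)

def clip(update, bound=CLIP):
    """Limit how much any single device can move the aggregate."""
    norm = sum(x * x for x in update) ** 0.5
    factor = min(1.0, bound / norm) if norm > 0 else 1.0
    return [x * factor for x in update]

def encode(update):
    return [round(x * SCALE) % MODULUS for x in update]

def decode(total):
    half = MODULUS // 2  # map residues back to signed values
    return [((v + half) % MODULUS - half) / SCALE for v in total]

def pairwise_masks(n_devices, dim):
    """Each pair (i, j) shares a random vector; i adds it, j subtracts it.
    Generated in one place here for brevity; a real protocol would derive
    each pair's vector from a key agreed between the two devices."""
    masks = [[0] * dim for _ in range(n_devices)]
    for i in range(n_devices):
        for j in range(i + 1, n_devices):
            for k in range(dim):
                r = secrets.randbelow(MODULUS)
                masks[i][k] = (masks[i][k] + r) % MODULUS
                masks[j][k] = (masks[j][k] - r) % MODULUS
    return masks

def mask_update(update, mask):
    """What leaves the device: clipped, encoded, and blinded by its mask."""
    return [(u + m) % MODULUS for u, m in zip(encode(clip(update)), mask)]

def aggregate(masked, noise_std=0.0, rng=None):
    """Server side: masks cancel only in the sum over all devices."""
    rng = rng or random.Random()
    total = [sum(col) % MODULUS for col in zip(*masked)]
    return [s + rng.gauss(0.0, noise_std) for s in decode(total)]

if __name__ == "__main__":
    updates = [[0.5, -0.2], [0.1, 0.3], [3.0, 4.0]]  # constructed sample
    masks = pairwise_masks(len(updates), 2)
    sent = [mask_update(u, m) for u, m in zip(updates, masks)]
    print("one device's message:", sent[0])
    print("aggregate:", aggregate(sent, noise_std=0.05))
```

A single device's message is uniformly random on its own; only the sum over every participant decodes to a meaningful value, and the third sample update is scaled down by clipping before it is counted.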

Models actively used on your device remain static, with no tangible improvements until Google rolls out an update, but that also means your phone isn't constantly pinging third-party servers to send and receive the personal data pertinent to these AI/ML models running behind the scenes. The advantage of the route Google opted for is also that it doesn't have a tangible effect on your battery life, as your handset needs to be idle, charging, and connected to Wi-Fi for the ML optimization process to begin.

If you’re interested in the nitty-gritty details of it all, we suggest you look at Google’s technical whitepaper for researchers. It includes all the privacy structures, complete with in-depth explanations of all the processes the company has built with PCC.

The PCC has been operational since Android 12 was introduced, working to keep your data private while improving AI and ML for the collective good of the Android community. The improvements it brings may not always be noticeable, but Google has you to thank for the gradual enhancements in the capabilities of various AI and ML features.