Android 17 Launched, What New Privacy/Security Features Does it Bring?
Android 17 has now officially launched, bringing with it a slew of new privacy and security upgrades like the new Contact Picker and post-quantum app signing.
The update has started shipping to Google Pixels and will be rolled out gradually over time.
New in Android 17 is the system Contact Picker, which allows you to grant apps access to only a specific subset of your contacts. This is similar to a feature launched in iOS 18 allowing you to select specific contacts on a per-app basis.
The Local Network permission that shipped in Android 16 was opt-in for developers, but now in Android 17 it's required in order to access your local network.
Loopback traffic is now blocked between profiles by default as well.
According to Android Authority, Advanced Protection Mode, which like iOS Lockdown Mode restricts certain features for security, is getting a few new security enhancements. These include:
- Blocking accessibility service for apps that aren't accessibility apps
- Disabling device-to-device unlocking
- Disabling WebGPU in Chrome
- Spam detection for chat notifications
- And support for Android Enterprise for managed devices
Even if apps are granted SMS permission, they will not have access to SMS OTP codes, protecting you from a malicious app stealing your account 2FA login details.
Android 17 also enables Encrypted Client Hello (ECH) by default. ECH is a TLS extension that encrypts the Server Name Indication (SNI) in the TLS handshake. In regular TLS, the SNI is sent unencrypted and shows what website you're visiting.
Your passwords will now be fully hidden by default when typing using a physical input device like a keyboard.
Google will now be enabling Theft Protection by default on Android 17 devices to help protect your data against thieves. They've also reduced the number of allowed failed PIN attempts and increased the time in between attempts.
You can now grant apps temporary precise location access while they are open, which is revoked when they're closed.
Android 17 now supports hybrid post-quantum cryptography for app signing, to protect against the future threat of quantum computers. Google views this as the "first phase" in their transition to PQC, which you can read about here.
They're also hardening the background audio framework to ensure that apps playing audio in the background don't make changes to the audio that aren't intended by the user.
There are many more changes as well; you can read about them in the official list of changes.