Google has released a new technical whitepaper about Android's Private Compute Core and how it has evolved, as reported by Android Police.
The Private Compute Core
The Android 12 came with many improvements, and when it came to privacy and security, the Private Compute Core (PCC) was one of the biggest upgrades. It helps boost the security of on-device machine learning and Artificial Intelligence (AI) processing tasks by isolating them from other processes and the web.
Therefore, all streams of sensitive data are processed in an isolated way defined as part of the Android Open Source Project )AOSP) and controlled by public Android APIs.
Machine-learning models will need decentralized training to ensure the data never leaves the mobile phone. The only way the data can leave the private sandbox is through the Private Compute Services.
The Private Compute Services ensure that data is encrypted, and it will then be aggregated. Only the aggregate can be decrypted, and Google ensures that no contributor's data can be cleaned as it limits how much is shared or adds noise that can obscure the unique data. The AI/ML model will be returned to users with new skills in small nuggets.
In addition, the models on the device will be static until Google rolls out a new update. This also means that third-party servers won't ping the phone. Another great thing about this is that it won't hugely impact your battery life because the device must be idle, charged, and connected to WiFi for the ML optimization process to start.
So, in a nutshell, a user's data stays on the device until the PCC transmits it. The aggregated data (without any personal identifying information) will be given to Google to improve the model. The phone will be pinged when an update is required, and the updating process occurs in the background.
The PCC is an isolated Android Component that can be distributed among all Android devices. It's a great step towards AI and machine learning, as it can help protect user data, add new features, and find new ways to improve security on Android devices.
In the end, it's great to see that Google is taking its time to improve the security of Android and make it a much more secure operating system. Let's hope that Google is taking the security aspect seriously and that other OEMs will implement the PCC in the near future. You can read the whitepaper here.