Google has disclosed more technical details about how Private Compute Core (PCC) on Android works and keeps sensitive user data processed locally on protected devices.
Introduced in Android 12, PCC is a secure, isolated, and trusted environment within the operating system where data from sensors, GPS, microphone, camera, and screen are stored and processed to offer machine learning features to the user.
Examples of those intelligent features include ‘Live Caption,’ which uses the microphone for speech recognition, ‘Now Playing,’ which recognizes the song, or ‘Smart Reply,’ which suggests responses in messaging apps.
How PCC works
Ambient and OS-level data processed in this protected “sandbox” can be used to enable intelligent features on Android devices via the ASI system but are kept out of the reach of applications and remote servers, protecting users’ privacy.
The isolation of PCC from all other apps is achieved by using the Android Framework API for all data inputs and outputs from and to the PCC, facilitated by permissions granted during OS installation.
Only OS updates can modify this permission, so no app or remote server connection can change this.
BleepingComputer asked Google about the effects that PCC has on data protection from malware that may have compromised an Android device and got the following comment:
“PCC makes it harder for malware to exploit the OS. PCC ensures that device features handle data according to best practices, including not storing it for longer than needed, so it inherently reduces the risk of malware.”
“That said, PCC is designed specifically for user data privacy, not as an additional security protection against malware.”
This data sealing includes Google itself, as all user data processing happens inside the PCC enclave, locally on the device.
If the ML features require the interaction of that data with outside endpoints, Google’s Private Compute Services will enable an encrypted exchange.
Private Compute Services (PCS) is a collection of services that provide a privacy-preserving link between PCC and the cloud.
PCS was recently open-sourced as part of Google’s ongoing commitment to transparency, and its source code is available on this GitHub repository.
Google says that to improve PCC based on usage stats, it leverages federated learning and analytics while it monitors the performance of its machine learning models using private information retrieval.
Federated analytics and learning enable Google to train ML models without centralized data collection, running the raw data analysis computations locally on the users’ devices.
The machine learning features of PCC remain updatable as the system is still part of the Android OS, so it can continue to evolve independently.
All that said, PCC isn’t outside the user’s control. For example, if sensor toggles are turned to “off,” they will stop generating and sending data across the operating system, including the PCC.
Additionally, users can restrict data sharing with PCC by going to Settings > Google > Personalize using app data and setting the toggle to the ‘off’ position for apps that support ML features.
For more details on the operation and functional characteristics of the PCC, Google’s engineers have also published a technical paper on Arxiv.org.