Android P to prevent background apps from accessing the camera and recording via microphone

Google’s next Android upgrade is just months away, and we already learned that the Android P would embrace iPhone X top-notch design. Although we don’t have the core features of Android P, XDA Developers are now discovering tidbits thanks to Android’s open source commit. 

According to the commits, new rule-sets in Android P will now prevent idling background apps from accessing the camera and recording you via microphone. This move is aimed at preventing the increasing number of malicious malware apps and trojans in taking control of your smartphone when the screen is turned off.

The new API rules change targets apps (User IDs), the identifiers Android assigns each application at install time, and they’re unique to each app, and they don’t change as long as an app remains installed on your phone or tablet, it’ll retain the same app ID.

In Android P, when the camera service detects any app UID is idle that is Doze mode and background running apps limited access to access to CPU and network intensive services, it will now generate an error and close access to the camera and any subsequent camera requests from the inactive UID will generate errors.

In the same way, Android P will also impose limitations on idle background apps from accessing the microphone. Technically, any app that you might have granted microphone access could be running in the background and recording anything you say, though Android Oreo limited that, it was still a possibility. Google is working on fixing it.

In Android P, Google is aiming at restricting microphone access when an App’s UID enters an idle state. Instead of writing data from the microphone to a file, it’ll report empty data. Once the app becomes active again, it’ll start recording real data. This again is a privacy and security measure from making apps record everything. Both the camera and microphone limited access shows how privacy is a major concern for Google in tackling the malware and malicious attacks.

Source 1, 2 | Via 1, 2