Halfpoint - Fotolia

Google I/O 2019 keynote brings focus on security and privacy

After being a no-show at last year's conference, security and privacy improvements were big themes at Google I/O's first day, including discussion on federated learning.

The Google I/O 2019 keynote covered a wide range of Google's product line, and a theme across many of those products was a focus on security and privacy.

While security was not mentioned once during the 2018 Google I/O keynote, Google CEO Sundar Pichai made it clear that privacy and security were priorities this year, saying, "We know our work on privacy and security are never done, and we want to do more to stay ahead of constantly evolving user expectations."

Google aimed to improve user privacy through better controls and a focus on collecting less user data. In terms of controls, some improvements mentioned during the Google I/O 2019 keynote were features that have already begun to roll out to users, including options to auto-delete web and app data Google had collected.

For other controls, the company was less clear about the timelines for when they would be brought to users. Google will soon be introducing auto-delete controls for location data and announced future plans to bring auto-delete settings to other products such as YouTube.

Automatically deleting user data on a set schedule was only part of Google's plans to improve privacy; the other side of that equation was in reducing the amount of data sent to Google servers in the first place.

Google said breakthroughs in various machine learning models have allowed it to greatly reduce their size and make it possible to run on-device. For example, the speech recognition and language understanding models -- brought down from 100 GB models in the cloud to less than half a gigabyte locally -- can be used to do live captions on videos without sending data to Google. Additionally, Google has expanded the use of federated learning.

Brendan McMahan and Daniel Ramage, research scientists at Google, summarized federated learning in a blog post from 2017.

"Your device downloads the current model, improves it by learning from data on your phone, and then summarizes the changes as a small focused update. Only this update to the model is sent to the cloud, using encrypted communication, where it is immediately averaged with other user updates to improve the shared model," McMahan and Ramage wrote. "All the training data remains on your device, and no individual updates are stored in the cloud."

These new on-device machine learning features are part of Android Q. Stephanie Cuthbertson, director of product management for Android, said security and privacy was one of the key areas Google focused on for Android Q. The improvements include a dedicated Privacy tab in Android settings, which puts controls over app permissions and what data is collected into one place. Android Q will also add more granular control over when an app can track a user's location and notifications when an app is checking location data in the background.

"As people carry their phones constantly and trust them with lots of personal information, we want to make sure they're always in control of their data and how it's shared," Cuthbertson wrote in a blog post.

Android Q will also introduce TLSv3, better protections for device identifiers, like randomizing MAC addresses by default, and it will be able to update important OS-level security issues in the background without requiring a reboot. However, as with past versions of the mobile OS, it's unclear when Android Q will be pushed out to users. Android Pie was released broadly nine months ago, but Google announced at I/O that the OS only made it to 10% of active Android devices.

Other security and privacy improvements, like giving users more insight into website cookies and if they can track you across websites, or new protections against web fingerprinting in Chrome, were mentioned in passing with promises to dive deeper in subsequent sessions during Google I/O 2019.

Dig Deeper on Compliance

Enterprise Desktop
Cloud Computing