Android has already limited how much apps can access the clipboard and notify users when the app grabs something from it. But Android 13 adds another layer by automatically deleting whatever is in the clipboard after a short while. That way, apps can’t detect old stuff you copied, and — bonus — you’re less likely to share your coworker’s list of reasons why he hates your company with your boss. Android 13 also continues the process of reducing the ability of apps to request location sharing for things like enabling Wi-Fi.
Android 13 requires new apps to ask for permission before they can send you notifications. The new version expands on a feature from Android 11 that automatically resets app permissions once it hasn’t been used for a long time. Since its debut, Google has extended this feature to devices running Android 6, and the operating system has now automatically returned more than 5 billion permissions, according to the company. This way, a game you don’t play anymore and had permission to access your microphone three years ago still won’t be able to listen. And Android 13 makes it easy for app developers to proactively remove permissions if they don’t want to retain access for longer than they desperately need.
Ensuring that Android devices around the world can get security updates has been a major hurdle for Google, since Android’s open source principles allow any manufacturer to publish their own version of the operating system. To improve the situation, the company has spent years investing in a framework called Google System Updates that breaks down the operating system into components and allows phone makers to send updates directly to various modules through Google Play. There are now over 30 of these, and Android 13 adds Bluetooth and Ultra Wideband components, the radio technology used in the short term for things like radar.
Google is working to reduce common software vulnerabilities by rewriting some important parts of the Android code base in more secure programming languages like Rust and creating defaults that push developers in a more secure direction with their own apps. The company has also worked to make its APIs more secure and started offering a new service called the Google Play SDK Index that provides some transparency into widely used software development kits, so developers can be more informed before integrating these third-party modules into their apps .
Similar to Apple’s iOS privacy labels, Android recently added a “Data Security” field in Google Play to give users a kind of Nutrition Facts label that spells out how apps say they will handle your data. In practice, though, these types of disclosures aren’t always reliable, so Google offers developers the option to have a third party independently validate their claims against a mobile security standard. The process is still voluntary, though.
says Eugene Lederman, Director of Android Security Strategy.
Apple’s Android and iOS are both moving towards offering the ability to store government-issued ID. In Android 13, Google Wallet can now store such digital IDs and driver’s licenses, and Google says it’s working with both individual states in the US and governments globally to add support this year.
With so much to focus on and improve on, Android 13 is trying to take a sprawling stance and curb it rather than letting it get out of hand. And Android’s D’Silva says there’s one version coming later this year to look forward to: a kind of Security Center under Settings that will set privacy and security options in one place for users. Perhaps this is an acknowledgment that it has become too much for the average user to keep track of on their own.