Android P is just around the corner, and while its core features may still be shrouded in mystery, the open-source nature of the operating system has already revealed several exciting updates. From carriers' ability to customize signal strength displays to potential support for foldable displays and call recording tones, there's a lot to look forward to. But one feature that stands out is Android P's enhanced camera security, which aims to prevent malicious apps from accessing your device's camera when it's not in use.

According to an Android Open Source Project (AOSP) commit merged on January 19, Android P will introduce new rule-sets that prohibit idling background apps from accessing the camera. This means that even if a malicious app is running in the background while your screen is off, it won't be able to take compromising photos or videos of you without your knowledge.

What's Changing in Android P?

Android P's camera security enhancements target an app's User ID (UID), which is assigned at install time. A UID remains unique as long as the app is installed on your device, and it doesn't change even if the app remains inactive. When a UID is detected to be "idle" – meaning the device is in idle Doze mode and background apps' access to CPU-intensive services is restricted – Android P will generate an error and close camera access. Subsequent camera requests from the same UID will immediately result in an error.

This change builds upon the foundation of camera service updates starting with Android 6.0 Marshmallow, where apps were granted camera access on a first-come, first-served basis. However, Marshmallow introduced a fast lane queue system, prioritizing apps with foreground and user-visible activities. In contrast, Android P takes a more comprehensive approach by restricting background app camera access.

Why Does it Matter?

The introduction of these limits is long overdue. A 2014 blog post by Android developer Szymon Sidor demonstrated how apps could secretly take photos and record videos by manipulating Android's camera permissions. By shrinking the camera app's viewfinder to a single pixel, making it virtually invisible, Mr. Sidor was able to access a Nexus 5's camera without alerting users – even when the app was running in the background with the screen off.

With Android P's enhanced camera security, malicious apps like the one described by Mr. Sidor would be easier to detect. To stay alive, such an app would need to implement a foreground service, which would require displaying a notification and staying on top of other apps. This means that if such an app attempted to remain hidden in the background, it wouldn't be able to access the camera in P.

By prioritizing user privacy and experience, Android P's enhanced camera security features will significantly improve the overall quality of app user experiences, ensuring that users are better protected from malicious activities.