It’s late summer in the northern hemisphere, which means new phone operating systems are coming. In a few weeks, Apple will release iOS 16 to millions of iPhones and iPads around the world. Google, meanwhile, has already made the latest version of Android available—on some phones you can now download Android 13.
The newest version of the Android operating system is more “evolution than revolution,” with the majority of changes smaller than in previous iterations. But Android’s security team is trying to simplify people’s privacy options throughout Android 13. This version of the OS involves changes under the hood for app developers and some streamlined security options for users.
You probably don’t spend a lot of time thinking about the privacy and security settings on your phone. However, whenever you download a new operating system, it’s worth spending a few minutes scrolling and tapping through all the options you haven’t touched in the past 12 months. Here’s what you should take a look at on Android 13.
Clamp Down on App Permissions
In Android 12, Google introduced “nearby device” permissions. This was designed to stop your headphones app from requesting your precise location when it was trying to wirelessly connect to your headphones. Android 13 expands on these controls to stop apps from using Wi-Fi permissions to collect your location data. In their code, app developers have to specify that they will never use Wi-Fi APIs to access location information.
Android’s Privacy dashboard has also been updated. The dashboard, which can be accessed through Settings > Privacy, shows the permissions you have given apps to use—this includes the apps that can access your camera, contacts, and multiple other sensors and types of data. It will now show which apps have used each permission over the past seven days, rather than just 24 hours.
Some of the privacy changes in Android 13 don’t require you to do anything, but it’s worth knowing about them anyway. For instance, the OS will start deleting your clipboard history automatically after a short period of time so that apps don’t snoop on the information you previously copied. Also, from now on, apps that use Google’s advertising ID, which is a unique code assigned to your device, must declare the ad ID permission in their documentation. “If your app does not declare this permission when targeting Android 13 or higher, the advertising ID is automatically removed and replaced with a string of zeroes,” Google says.
When you want to use a photo you’ve taken in another app—for instance, as a Twitter profile photo or to share images with friends—your device uses Photo Picker. This loads up a screen that includes the photos on your device and gives you the option to use them in the app you’re in. The new privacy changes in Android 13 mean you won’t automatically give an app access to all your photos and videos. Instead, the photo picker will now only give the app access to the photos you allow it.
In addition, Android’s developer pages state that if apps want to use images, audio, or video that other apps have created, they must explicitly say the type of files they want access to and give you clear prompts that this will happen.
More Notification Control
Few things are more infuriating than apps that send a constant barrage of notifications. And there are some notifications you may not want appearing on your screen for anyone nearby to see. While it has been possible to control app notifications for some time, Android 13 is making it easier to do so from the outset. Now, when you open up an app for the first time or use it for the first time in a while, you’ll be asked if you want it to send you notifications. Spammy notifications, be gone.
Other Security and Privacy Options
While you’re thinking about your phone’s privacy settings, it’s worth taking some time to flick through your device’s other options to boost your overall protection. It’s possible there are previous changes that you’ve missed. The vast majority of the settings below can be changed by visiting Settings on your Android and then follow the specific options.
In the Security section, Android provides you with an overview of your device’s status. It will show you when the last security update was applied, let you set a screen lock and fingerprint or biometric unlocking (if your device supports them), and let you go through Google’s wider security checkup that looks at the current state of your accounts. (Later this year, Android will introduce a new Security & privacy option that will put all of these settings in one place.)
In the Privacy menu, there are a few things you should change. The Privacy dashboard, as described above, will show you which apps have used which sensors and data on your phone in the past seven days. After looking at this, you should tap on Permission manager, where you’ll be presented with all the sensors and types of data that your phone can give to apps. These range from your location and camera access to your calendar and files. You should look through each of the permissions and decide if an app really needs access to them to function.
Next in Privacyyou should open Google location history and Activity controls. Both of these options are linked to your wider Google account(s), but the settings here allow you to control what data Google keeps about you—it’s a lot. Using these options, you can wipe your web and activity data, the locations Google keeps on your movements, and details such as YouTube search history.
Then head to Privacy and Ads. Here you can use Reset advertising ID to change the ID Google has assigned to your phone. This advertising ID is used by apps and advertisers across the web to track your interests and show you potentially creepy personalized advertising. As well as resetting your ad ID, there’s an option to Delete advertising IDmeaning “apps can no longer use this advertising ID to show you personalized ads.”
Finally, while you’re thinking about your digital privacy and security, you should make sure you are using a password manager to protect your online life and using multi-factor authentication wherever possible.