Cybersecurity News and Headlines
  • All Technology
  • AI
  • Autonomy
  • B2B Growth
  • Big Data
  • BioTech
  • ClimateTech
  • Consumer Tech
  • Crypto
  • Cybersecurity
  • DevOps
  • Digital Marketing
  • Ecommerce
  • EdTech
  • Enterprise
  • FinTech
  • GovTech
  • Hardware
  • HealthTech
  • HRTech
  • LegalTech
  • Nanotech
  • PropTech
  • Quantum
  • Robotics
  • SaaS
  • SpaceTech
AllNewsDealsSocialBlogsVideosPodcastsDigests

Cybersecurity Pulse

EMAIL DIGESTS

Daily

Every morning

Weekly

Sunday recap

NewsDealsSocialBlogsVideosPodcasts
CybersecurityNewsAndroid 17 Second Beta Expands Privacy Controls for Contacts, SMS and Local Networks
Android 17 Second Beta Expands Privacy Controls for Contacts, SMS and Local Networks
CybersecurityConsumer Tech

Android 17 Second Beta Expands Privacy Controls for Contacts, SMS and Local Networks

•February 27, 2026
0
Help Net Security
Help Net Security•Feb 27, 2026

Why It Matters

The updates force apps to obtain explicit user consent for sensitive data, reducing exposure to credential theft and unauthorized network probing, which strengthens overall ecosystem security.

Key Takeaways

  • •Contacts Picker limits app access to selected contacts only
  • •ACCESS_LOCAL_NETWORK adds runtime permission for LAN device discovery
  • •EyeDropper API reads screen colors without capture permission
  • •OTP SMS access delayed three hours for non‑default apps
  • •System device pickers let apps bypass local network permission prompt

Pulse Analysis

Google’s Android 17 beta deepens its privacy‑first roadmap by moving sensitive data handling from app‑level logic to the operating system. The new Contacts Picker, for example, presents a modal list that returns only the user‑chosen entries, eliminating the need for blanket READ_CONTACTS permission. This approach mirrors similar system‑mediated selectors introduced for photos and files in earlier releases, reinforcing a consistent user experience across personal and work profiles. By confining exposure to the exact data a user approves, Google reduces the attack surface for credential harvesting and data‑leak incidents.

The addition of the ACCESS_LOCAL_NETWORK runtime permission reflects growing concerns around LAN‑based tracking and unauthorized device probing. Apps that need to discover smart‑home hubs, casting receivers, or other IoT endpoints must now request explicit consent, or rely on system‑provided device pickers that abstract the connection process. This dual‑path model balances developer flexibility with user control, limiting background scans that could be weaponized for fingerprinting. Enterprises deploying managed Android fleets will benefit from tighter policy enforcement, while consumers gain clearer visibility into which applications can interact with their home networks.

Android’s three‑hour delay on programmatic access to SMS one‑time‑passwords adds another layer of defense against phishing and SIM‑swap attacks. By restricting bulk reading of verification codes, the platform forces developers to adopt the vetted SMS Retriever or User Consent APIs, which surface the OTP to the user rather than silently harvesting it. While this may introduce minor UX friction for legacy apps, it aligns Android with emerging regulatory expectations for minimal data collection. The combined rollout of contact, network, and SMS safeguards signals Google’s commitment to a more granular permission model that could set industry standards.

Android 17 second beta expands privacy controls for contacts, SMS and local networks

Read Original Article
0

Comments

Want to join the conversation?

Loading comments...