Google has clarified that the new Android System SafetyCore app does not scan users’ content on their devices.
A Google spokesperson told The Hacker News that Android already has built-in protections against threats like viruses, spam messages, scams, and other harmful activities, all while keeping users’ data private and giving them control.
SafetyCore is a new system tool for Android 9 and above that helps detect unwanted content in a secure and private way. However, it only works when an app requests it through an optional feature, and users remain in control of how it functions.
Google introduced SafetyCore (package name "com.google.android.safetycore") in October 2024 as part of its security measures to help prevent scams and filter sensitive content in the Google Messages app for Android.
The feature, which requires at least 2GB of RAM, is gradually rolling out to all Android devices running Android 9 and later, including those using Android Go, a lightweight version of the operating system for budget smartphones.
Meanwhile, Client-Side Scanning (CSS) is another method that analyzes data directly on a device instead of weakening encryption or adding system backdoors. However, this approach has sparked privacy concerns, as it could be misused to scan for more content than originally intended.
Google's Sensitive Content Warnings in Messages work similarly to Apple's Communication Safety in iMessage, using on-device machine learning to detect and warn about potentially inappropriate photos or videos, such as nudity.
The developers of GrapheneOS emphasized in a post on X that SafetyCore does not perform client-side scanning. Instead, it provides on-device machine-learning models that help apps identify spam, scams, or malware.
Classifying content like this is not the same as detecting illegal material and reporting it to a service, GrapheneOS explained. That would seriously violate privacy and still lead to false positives. SafetyCore is not designed for that purpose and cannot be used in that way.
