Google has long grappled with data privacy gaffes and internal instability, but through it all the company has consistently improved the security and privacy of Android. Given the operating system's 2.5 billion users, that's no small task. With the release of Android 10 in just a few weeks, the new iteration of data and privacy features is coming into even sharper focus.

The privacy and security tools new to Android 10—Google has finally ditched the dessert-themed names—aren't the most outwardly flashy. The Android team has focused instead on labor-intensive technical changes and upgrades that will have an outsized effect. And the improvements touch numerous parts of the system, from how it deploys encryption to how settings are organized and applications are quarantined from each other.

"I don’t think security and privacy are a new theme just in Android 10," says Charmaine D'Silva, an Android product manager who works on privacy. "But when we thought about planning for the release we definitely thought that we should focus more on the space as we get more mature as a product."

Privacy Maze

What you'll notice most: Android 10's attempts to give you more control over your data. As an open source platform, Android can usually be implemented in whatever way manufacturers want, with few requirements about how the user interface looks or functions. But with Android 10, Google will mandate across all manufacturers that the Privacy and Location menus are in the same place in the Android Settings menu no matter what Android smartphone you're on. This way, users of any Android 10 device can always find these options in the same digital location, instead of navigating through confusing, unfamiliar menus.

Android 10 introduces other requirements as well, such as requiring that apps request permissions, and re-check your choices, more often for things like accessing your location. Android 10 will also introduce geofencing features: instead of just turning that type of location tracking on or off, you can select an option where geofencing only works when an app is actively open on your screen.

Seeking to improve its stance on another controversial topic, Android 10 also incorporates new restrictions on an app's ability to access unchangeable device identifiers, like device serial numbers or other industry IDs. Instead, Google will now require developers to use resettable identifiers to keep track of users. That way, if these digital fingerprints are ever compromised, or if you want to wipe your digital slate clean, there's a mechanism to do that.

The topic is especially relevant thanks to increased awareness about user tracking for ad targeting, but the industry has been debating the threat of collecting permanent device identifiers for nearly a decade. Android has a changeable "Advertising ID" and Apple's iOS offers a similar "Identifier for Advertisers." Apple started requiring that advertisers use only the IDFA in 2013, and Google began mandating advertiser use of its AAID in 2014.

Now those measures are increasingly expanding outside of advertising. In Android 10, developers still have relatively persistent ID options—so you can't, say, claim a promotion in an app, delete the app, re-install it, and instantly claim it again—but the goal is to strike more of a balance between a developer's ability to keep track of users and a user's ability to take back some control. "We wanted to allow users to reset them when they don’t want to be tracked," Android's D'Silva says.

Many changes in Android 10 highlight the tension between creating a platform that is as flexible and open as possible and still upholding some security and privacy requirements. D'Silva emphasizes that the transition to resettable IDs involved extensive collaboration with manufacturers and developers. Similarly, Android 10 places new restrictions on apps' ability to move from running in the background to asserting themselves in the foreground for users. In the case of, say, an alarm clock app, developers will still have the option to alert you that an alarm is going off, but will no longer be able to take over the whole screen if you're doing something else. The goal is to reduce interruptions and, particularly, unexpected surprises. But for developers, such changes can feel like an erosion of Android's open source roots.