Google’s second beta of Android 17 continues updates to platform behavior and introduces new APIs focused on protecting sensitive data.
Protecting contact and local network data
A new system-level Contacts Picker gives apps temporary access only to the contact information a user selects. It limits contact data exposure and works across both personal and work profiles on the device.
Contacts Picker (Source: Google)
The update also introduces the EyeDropper API, which lets apps select a color from any pixel on the screen without requiring screen capture permissions.
Android 17 adds a new runtime permission, ACCESS_LOCAL_NETWORK, to govern access to devices and services on a LAN. Apps must declare and request this permission to discover or connect with local devices, such as smart home products or casting receivers.
This change restricts background access to local network data and reduces the risk of tracking or unauthorized data collection. Users who have already granted related nearby device permissions may not see a separate prompt. Apps can also use system-provided device pickers to connect to devices without requesting the permission directly.
“Apps targeting Android 17 or higher will now have two paths to maintain communication with LAN devices: adopt system-mediated device pickers to skip the permission prompt, or explicitly request this new permission at runtime to maintain local network communication,” Matthew McCullough, VP of Product Management for Android Developer, explained.
Expanding safeguards for SMS verification codes
Android expands SMS one-time password (OTP) protections by delaying programmatic access to OTP messages for most apps by three hours. This limits the ability of apps to intercept verification codes. Default SMS apps and approved companion apps are exempt. Developers are encouraged to use SMS Retriever or SMS User Consent APIs for OTP handling.
Apps targeting API level 37 or higher must follow these updated permission requirements, giving users more control over how apps access personal and network data.
