Google has clarified the functionality of its new SafetyCore system, dispelling rumors of client-side content scanning on private Android devices. A company representative emphasized that SafetyCore is designed to classify content locally while preserving user privacy.
Initially introduced in October 2024, the service was developed to combat fraud and other unwanted materials, particularly within the Google Messages app. It operates on devices running Android 9 and above, including Android Go editions, with a minimum requirement of 2GB of RAM.
Google underscores that SafetyCore only performs analysis in response to application requests and when explicitly enabled by the user. The company likened this approach to Apple’s method, which leverages machine learning to filter undesirable content in iMessage.
Developers of the GrapheneOS operating system have corroborated Google’s statements, affirming that SafetyCore does not scan user content nor is it intended to detect or transmit prohibited materials. Instead, they assert, the system is strictly used for local message classification, identifying spam, phishing links, and fraudulent attempts.
Client-side scanning—a mechanism that has raised concerns among privacy advocates—analyzes data directly on a user’s device without explicit consent. However, Google has stated that SafetyCore does not function in this manner, as it does not transmit classified data to external services.
Experts note that advancements in local analysis algorithms bolster security while maintaining user privacy. Nevertheless, questions remain regarding what additional functionalities SafetyCore may acquire in the future and how expansive its capabilities might become.
