OS Privacy and Security Changes in Android 17 Beta and Windows 11 Insider Builds
Google released the second beta of Android 17 with new privacy-focused platform behaviors and APIs aimed at reducing unnecessary access to sensitive data. Changes include a system-level Contacts Picker that grants apps only temporary access to user-selected contacts (including across personal/work profiles), a new ACCESS_LOCAL_NETWORK runtime permission to control discovery/connection to LAN devices (with an alternative path via system-mediated device pickers), and expanded safeguards for SMS one-time passwords by delaying most apps’ programmatic access to OTP messages for three hours (with exemptions for default SMS and approved companion apps, and guidance to use SMS Retriever/SMS User Consent APIs).
Microsoft is testing Windows 11 security and performance improvements for batch/CMD script execution in Insider Preview builds by adding an optional “secure processing mode” that prevents batch files from being modified while running. Administrators can enable it via the LockBatchFilesInUse registry value under HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor or via the LockBatchFilesWhenInUse application manifest control, reducing repeated signature validation when code integrity is enabled. Separately, commentary on Windows telemetry reiterates that Microsoft collects diagnostic data and suggests users can inspect telemetry themselves, but it does not describe a specific new security incident or vulnerability disclosure.
Sources
Related Stories
Microsoft Introduces Windows Baseline Security Mode and App Permission Prompts in Windows 11
Microsoft detailed two Windows security initiatives—**Windows Baseline Security Mode** and **User Transparency and Consent**—aimed at making Windows 11 behave more like mobile platforms in how it gates access to sensitive resources. Under *User Transparency and Consent*, Windows will prompt users when applications request access to protected data and device features (e.g., files, camera, microphone) and when installers attempt to add additional software; decisions will be recorded so users can review and change permissions later, including revoking previously granted access. *Windows Baseline Security Mode* is intended to enable runtime integrity safeguards by default, allowing only properly signed applications, services, and drivers to run while still permitting user/IT-admin exceptions for operational needs. Microsoft positioned the changes under its **Secure Future Initiative** and aligned them with the *Windows Resiliency Initiative*, noting a phased rollout in partnership with developers and enterprises and building on prior controls such as *Smart App Control* and administrator protection.
1 months ago
Apple and Google Ship New Mobile OS Betas with Expanded Encryption and Security Controls
Apple released an *iOS/iPadOS 26.4 developer beta* that adds **end-to-end encryption (E2EE) for RCS messaging** in limited testing, with availability constrained by device/carrier support and currently limited to **Apple-to-Apple** RCS conversations. The implementation is tied to upgrading to **RCS Universal Profile 3.0** built on the **Messaging Layer Security (MLS)** protocol, aligning with the GSMA’s prior move to standardize E2EE for RCS. The beta also expands platform hardening by allowing apps to opt into the full protections of **Memory Integrity Enforcement (MIE)** (beyond the previously available “Soft Mode”), and reporting indicates Apple may enable **Stolen Device Protection** by default in this release line. Google released the first *Android 17 beta* with multiple privacy/security changes aimed at tightening network and cryptographic defaults and improving user control. Android 17 **deprecates** the `android:usesCleartextTraffic` manifest attribute; apps targeting Android 17+ that set `usesCleartextTraffic="true"` without a **Network Security Configuration** will have cleartext traffic blocked by default, pushing developers toward more granular policy via configuration files. The beta also introduces a public **HPKE (Hybrid Public Key Encryption)** Service Provider Interface, adds user preference controls for **VoIP call history integration**, and expands **Wi‑Fi ranging** for proximity detection and secure peer-to-peer discovery.
3 weeks ago
Windows 11 25H2/24H2 Preview Updates Add AI Features and Flag Secure Boot Certificate Expiration
Microsoft began rolling out **Windows 11 preview updates** for versions **25H2 and 24H2** (including the optional non-security preview update `KB5074105` and Release Preview builds `26200.7701`/`26100.7701`) focused on functionality, performance, and reliability improvements rather than patching new security vulnerabilities. The updates emphasize expanded **AI-driven experiences** (including refinements to Copilot+ PC-related models and more natural-language assistance within Settings), along with usability changes and a simplified Windows update title format intended to reduce administrative friction in tools like **WSUS** and **Microsoft Configuration Manager**. Alongside these feature updates, Microsoft highlighted an operational security risk: **Windows Secure Boot certificates** used by most Windows devices are expected to begin expiring in **June 2026**, and organizations that do not update Certificate Authority (CA) material in time may face devices that cannot boot securely. Separately, consumer guidance circulated on bypassing Windows 11 hardware eligibility checks (notably **TPM 2.0** requirements) to upgrade “unsupported” PCs; while this may extend device usability after Windows 10 support ended, it can also undermine Microsoft’s intended security baseline and increase enterprise risk if adopted outside controlled policy.
1 months ago