Tech companies frequently introduce updates to enhance security and functionality, but transparency is key when implementing changes that affect user privacy. Recently, Google has come under scrutiny for silently installing SafetyCore, an Android system component designed to perform on-device image scanning. While the feature aims to improve security by detecting and blurring sensitive content, the lack of prior disclosure has raised alarms. This situation mirrors a recent controversy involving Apple, which quietly introduced a photo-scanning feature without user consent.
What is SafetyCore?
SafetyCore is an Android system service designed to classify images and detect sensitive content directly on a user’s device. Unlike Apple’s Enhanced Visual Search, which processes images through cloud servers, SafetyCore operates locally, reducing potential data exposure. However, despite its security advantages, Google’s decision to roll out the feature without notifying users has sparked concerns over transparency and user control.
Why Are Users Concerned?
The backlash began when a post on X (formerly Twitter) claimed, “Google secretly installed this app on various Android devices without users’ permission. It can reportedly scan through your photo gallery and occupies 2GB of space.” While there is no evidence that SafetyCore actively scans entire photo libraries, the secrecy surrounding its installation has led to speculation about its capabilities.
Security-focused developers, such as GrapheneOS, have assured users that SafetyCore does not report scanned content to Google or any third party. Instead, it provides on-device machine learning models that help classify spam, scams, and malware for apps without transmitting data externally. However, the closed-source nature of SafetyCore has raised further concerns. GrapheneOS noted, “If these neural network features were open source, we wouldn’t have an issue.” The lack of transparency fuels suspicion, even when the technology is meant to enhance security.
Google’s Response to the Controversy
Google has defended SafetyCore, stating that the feature operates only when an app requests it and does not automatically scan user data. A spokesperson explained, “SafetyCore provides on-device infrastructure for privately detecting unwanted content. Users remain in control, and classification only occurs when requested through an optionally enabled feature.”
However, as ZDNet reported, the main issue is that Google never informed users about SafetyCore’s installation. If someone bought a new Android device or updated their software since October 2024, SafetyCore is likely already present. The fact that it was silently deployed on devices running Android 9 and later—without explicit consent—has fueled concerns about privacy and control.
Google clarifies that while SafetyCore enables the detection of sensitive content, it does not automatically scan a user’s entire photo gallery. The feature is designed to support security measures like Sensitive Content Warnings, which will soon be available in Google Messages. However, the lack of upfront communication has made users skeptical.
Can You Disable SafetyCore?
For users worried about SafetyCore, Google states that it can be disabled or uninstalled. To remove it, navigate to Settings > Apps > System Apps > SafetyCore and either disable or uninstall the feature.
Some tech forums have warned users about its presence, with posts advising, “Google has quietly installed an app on all Android devices called ‘Android System SafetyCore.’ It collects call logs, contacts, location, and microphone data, making it a HUGE privacy concern.” While Google denies these claims, the secrecy surrounding the update has created an atmosphere of distrust.
Lessons in Transparency
The SafetyCore controversy highlights a recurring issue with tech companies—the lack of transparency when implementing AI-driven security features. While both Apple and Google argue that their technologies enhance privacy and security, rolling out such features without user consent raises red flags.
Users today demand clear communication and control over how their devices operate. Even privacy-preserving technologies can backfire when introduced without disclosure. Moving forward, companies must ensure that users are informed about new security measures before they are activated, giving them the choice to opt in or out. Otherwise, even well-intentioned updates risk being viewed as intrusive, eroding the trust that users place in their devices.
