Android 15 to Introduce App Isolation Feature, Enhancing System Security

According to pulsestacks on April 17th, the upcoming Android 15 system may introduce a new feature: app isolation. This feature aims to better protect users from the harm of misbehaving apps.

The Android system has always had robust security measures in place to resist the intrusion of malicious apps. Google's app store security service, "Play Protect," also automatically removes detected malicious apps. However, no security software is flawless, and there is always the possibility of false positives. "Play Protect" typically adopts a cautious approach and may ask users whether to remove suspicious apps. To assist users in dealing with suspicious apps more effectively, the "app isolation" feature that Android 15 might introduce could offer a better solution.

Users familiar with desktop operating systems (such as Windows) antivirus software might be acquainted with the concept of "isolation." When antivirus software isolates a file, it's usually because it suspects malicious behavior, but it cannot definitively remove the file or confirm its malicious nature, so it leaves the decision to the user. The isolated file is separated from the rest of the system and cannot be executed, ensuring that potential malware cannot cause harm.

Traditional app isolation functionality does not exist in the Android system, mainly because Android prioritizes system security from its inception. Android apps cannot access system-level permissions and are, by default, confined to a sandbox environment. They can only communicate with other apps through predefined APIs and can only access these APIs with explicit permissions. Due to these limitations, users generally do not need to download third-party antivirus or anti-malware software for Android devices. Because Android operates differently from Windows, the app isolation feature in Android also differs slightly from that of Windows. When an app is isolated in Android 15, its behavior differs from normal apps. It still appears on the user's home screen and in Android settings, but with certain limitations:

• Notifications from the isolated app won't be displayed.
• All windows will be hidden, and running activities will be stopped.
• The device ringtone can't be controlled.
• Other apps can't query its services (though they can query its activities).
• It can't bind to system or other apps, nor can it receive broadcasts from them.
• It can't be resolved.

From these restrictions, it appears that isolated apps are similar to disabled apps but can still appear on the home screen. Additionally, "App Isolation" shares similarities with the "Pause App" feature in the "Digital Wellbeing" service, but isolation can restrict components of individual apps. In summary, the app isolation feature falls between "disabling apps" and "pausing apps."

However, it's currently unclear when Google will officially roll out this new feature. Signs of app isolation were first discovered in Android 14 QPR2 Beta 1 back in November last year, but the developer page for isolating apps has since been removed. Although the feature flag for enabling operating system-level app isolation still exists, users currently can't manually isolate apps, not even via command-line methods. Furthermore, neither the Google Play Store nor Google Mobile Services apps currently request app isolation permissions. Therefore, it's entirely possible that this feature may not debut in Android 15 and could be postponed to future releases.