Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification

Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content.
"Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for the company told The Hacker News when reached for comment.
"SafetyCore is a new Google system service for Android 9+ devices that provides the on-device infrastructure for securely and privately performing classification to help users detect unwanted content. Users are in control over SafetyCore and SafetyCore only classifies specific content when an app requests it through an optionally enabled feature."
SafetyCore (package name "com.google.android.safetycore") was first introduced by Google in October 2024, as part of a set of security measures designed to combat scams and other content deemed sensitive on the Google Messages app for Android.
The feature, which requires 2GB of RAM, is rolling out to all Android devices, running Android version 9 and later, as well as those running Android Go, a lightweight version of the operating system for entry-level smartphones.
Client-side scanning (CSS), on the other hand, is seen as an alternative approach to enable on-device analysis of data as opposed to weakening encryption or adding backdoors to existing systems. However, the method has raised serious privacy concerns, as it's ripe for abuse by forcing the service provider to search for material beyond the initially agreed-upon scope.
In some ways, Google's Sensitive Content Warnings for the Messages app is a lot similar to Apple's Communication Safety feature in iMessage, which employs on-device machine learning to analyze photo and video attachments and determine if a photo or video appears to contain nudity.
The maintainers of the GrapheneOS operating system, in a post shared on X, reiterated that SafetyCore doesn't provide client-side scanning, and is mainly designed to offer on-device machine-learning models that can be used by other applications to classify content as spam, scam, or malware.
"Classifying things like this is not the same as trying to detect illegal content and reporting it to a service," GrapheneOS said. "That would greatly violate people's privacy in multiple ways and false positives would still exist. It's not what this is and it's not usable for it."
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
MediumJWT Scan Rule
HighPath Traversal
MediumDirectory Browsing
HighPath Traversal
InformationalServer Leaks its Webserver Application via "Server" HTTP Response Header Field
MediumFormat String Error
Free online web security scanner