Partial screen sharing is the Android 15 change that matters most for anyone who has ever fired up Google Meet and watched a Slack DM pop into the recording. Users can now share or record a single app window instead of the entire display, and for apps targeting API level 34 or higher, the system forces fresh consent on every MediaProjection capture session. That one behavior kills a long tail of incidental data leaks: notifications, password managers, and background chat windows stay off the recording.
This post walks through partial screen sharing alongside the other three Android 15 security changes worth a pentester's attention: File Integrity backed by fs-verity, the Privacy Sandbox SDK runtime, and Health Connect. Each one narrows a specific attack class rather than adding generic hardening, so the analysis stays practical.
File Integrity
Android 15 finally introduces new APIs within FileIntegrityManager, enhancing file security through the use of fs-verity function in Linux kernel. This enhancement provides developers with more robust tools to ensure the integrity of their files, offering an added layer of protection against corruption and tampering that could jeopardize app functionality or user data.
Partial Screen Sharing in Android 15
App screen sharing hasn't been yet so great. Introduced in Android 14 QPR2, partial screen sharing enables users to share or record only a specific app window instead of their entire screen. Android 15 further refines the partial screen sharing experience by including MediaProjection callbacks, which let apps customize the screen sharing experience more extensively. It allows users to share content selectively without exposing sensitive information that might be visible on other parts of their screen. Additionally, for apps targeting Android 14 (API level 34) or higher, Android 15 mandates user consent for each MediaProjection capture session, reinforcing user privacy and control over what is shared or recorded.
For mobile security researchers, the partial screen sharing API is worth testing for consent bypass and selection persistence edge cases. Related reading: our apple tcc format string vulnerability analysis shows how capture-related permission systems on other platforms fail.
Privacy Sandbox and the Shrinking Third-Party SDK Blast Radius
Google's Privacy Sandbox initiative is a structural answer to the problem partial screen sharing tackles at the UI layer: too much access with too little scoping. It aims to create a more private web by eliminating third-party cookies and minimizing the amount of personal information advertisers can access. These changes, however, are not limited to web browsing, as Android Privacy Sandbox has its own approach to this concern. In practical example, advertisement could be shown based on installed apps, without the need to track user.
The technical approach is to use Runtime SDKs which run as a separate process with different permissions than the whole application. Currently, third-party SDKs (i.e. advertisement libraries) have the same permissions as your application which enables them to gather user data without control.
An additional goal of Privacy Sandbox development is to change the way 3rd party SDKs are distributed. SDKs would no longer need to be statically linked to the app itself. Instead, SDKs would be added to the Application store. When a user downloads an app, the specified version of the SDK will be downloaded, if needed. Consider it similar to installing packages on Linux, which at the same time downloads required dependencies.
With Android 15, the Privacy Sandbox has been elevated to extension level 10, about which details can be found here.
Health Connect
Health Connect by Android offers a unified, secure platform for managing and sharing health and fitness data collected by apps. It enables users to control their data across different apps, providing a cohesive health data ecosystem.
The integration of Android 14 extensions 10 into Android 15 enhances Health Connect's capabilities, adding support for new data types related to fitness and nutrition.
Related AFINE Research
If you work on mobile, desktop, or application-level security, these posts pair well with this one:
- mac extended attributes and how metadata exposes authentication tokens.
- access client solutions vulnerabilities in IBM i Access.
- credential harvesting via insecure credential storage.
Conclusion
Partial screen sharing, the Privacy Sandbox SDK runtime, Health Connect, and FileIntegrityManager each close off a concrete attack class rather than adding generic polish. Partial screen sharing removes incidental exposure from recording sessions. Privacy Sandbox narrows the permission inheritance that lets ad SDKs harvest data. Health Connect centralizes a permission surface that used to be spread across bespoke integrations. File Integrity pushes tamper detection down to the kernel. For mobile teams and pentesters, Android 15 is the version where several long-standing abuse paths stop being default-open.
Frequently Asked Questions
What is partial screen sharing in Android 15?
Partial screen sharing is an Android feature that lets users share or record a single app window instead of their entire screen. It was introduced in Android 14 QPR2 and refined in Android 15 with MediaProjection callbacks that let apps customize the sharing experience and reduce exposure of sensitive content from other apps.
How does partial screen sharing improve privacy?
With partial screen sharing, notifications, messages, and content from other apps are not captured during a screen share or recording. Android 15 also mandates user consent for each MediaProjection capture session for apps targeting API level 34 or higher, which reinforces user control over what is shared.
What is FileIntegrityManager in Android 15?
FileIntegrityManager is a new API in Android 15 that uses the fs-verity function from the Linux kernel to protect files from corruption and tampering. It gives developers a stronger tool for verifying file integrity, which reduces the risk of altered binaries or data impacting app functionality or user data.
What does the Privacy Sandbox do on Android?
The Android Privacy Sandbox changes how advertising SDKs access user data. Runtime SDKs run as separate processes with their own permissions, instead of inheriting the host app's permissions. With Android 15, the Privacy Sandbox has been elevated to extension level 10 and allows advertising based on installed apps without direct user tracking.
How is Health Connect affected in Android 15?
Android 15 integrates Android 14 extensions 10 into Health Connect, adding support for new fitness and nutrition data types. Health Connect remains a unified, secure platform for managing and sharing health data across apps, and gives users centralized control over which apps can read or write that data.
