Local Is Not a Sufficient Privacy Boundary: Governing OS-Integrated On-Device AI

The paper presents a framework for managing privacy in OS-integrated on-device AI systems, emphasizing that local execution does not inherently ensure privacy. It introduces a comprehensive threat model, a six-part privacy risk taxonomy, and a four-level audit rubric to assess privacy controls in various platforms, including Apple Intelligence/Foundation Models, Android AICore/Gemini Nano, and Microsoft Recall. This framework is crucial for practitioners as it shifts the focus from merely where computation occurs to understanding the broader implications of data handling, user control, and system governance in AI deployments.