SameSite is a cookie attribute that determines whether it can be sent with requests from the same site or a third-party site. If the user doesn’t turn on SameSite, Android now recommends sending the cookie via a more secure HTTPS link. Developers will have to examine their apps to ensure they set cookies properly to support cross-site cookie dependencies.
Google has also expanded its access restriction on MAC address use, which are unique device identifiers that users can’t reset. Google already prohibited some application classes from accessing MAC address information in Android 11, but it’s extended that restriction to all apps in Android 12.