Cross-device Federated Analytics (FA) is a distributed computation paradigm for answering analytics queries about, and deriving insights from, data that stays on users' devices. On-device computation, combined with further privacy and security measures, ensures that only minimal data leaves the device, achieving a high standard of data protection. Despite FA's broad relevance, the applicability of existing FA systems is limited by reduced accuracy, a lack of flexibility in the analytics they support, and an inability to scale effectively. In this paper we describe how we combine privacy, scalability, and practicality to build and deploy a system that overcomes these limitations. Our FA system leverages trusted execution environments (TEEs) and makes efficient use of on-device computing resources to support federated data processing across large fleets of devices, while providing robust, defensible, and verifiable privacy safeguards. We focus on federated analytics (statistics and monitoring), as opposed to federated learning (ML workloads), and we flag the key differences between the two.