Google has launched a multi-year scheme geared towards improving the level of privacy afforded to users of its Android operating system.
During a briefing call hosted by Anthony Chavez, who heads up the Android Security and Privacy division, TechRadar Pro was told about the company’s plans to extend its Privacy Sandbox project to Android devices.
The broad objective is to phase out the advertising ID, a tracking system analogous to third-party cookies, and move towards alternatives that limit the sharing of user data with third parties and do not rely on cross-app tracking to support advertising efforts.
Google will test out its initial proposals over the coming months, with a full public beta expected to arrive before the end of 2022. The company will continue to support the traditional system for at least another two years while it works out the kinks.
Privacy Sandbox on Android
Google first launched the Privacy Sandbox initiative in 2019, in recognition of the fact that the system underpinning its lucrative advertising business (powered by third-party cookies that track people across the web) creates opportunities for invasions of privacy.
A number of browser makers have moved to block third-party cookies outright, but Google contends that this is an irresponsible approach to remedying the problem, because it jeopardizes the business models that make possible the free services and content available online.
Instead, under the Privacy Sandbox scheme, Google is attempting to develop new technologies that improve the level of user privacy without compromising the ability for advertisers to create targeted campaigns and publishers to monetize their work.
“On the web, third-party cookies have been a valuable tool for publishers, developers and advertisers. On Android, the advertising ID plays a similar role. These systems were built a long time ago and have been successful at supporting the mobile and web ecosystems,” explained Chavez.
“But like with many other technologies that age over time, it’s critical that we evolve and develop new approaches that address the challenges of the current ones.”
However, Chavez was careful to note that creating a privacy-first system that does not kneecap advertising efforts is “incredibly complex” and may take a number of years. He also claimed that a cold turkey approach to technologies such as cookies and advertising ID incentivizes even more opaque tracking methods, such as device and browser fingerprinting.
With its initial proposal for Privacy Sandbox for Android, therefore, Google is aiming to establish a happy medium.
Under the scheme, Android will benefit from existing Privacy Sandbox APIs such as FLEDGE and Topics, which aim to localize ad auctions and collect users into broad interest groups, respectively. The idea is to minimize the amount of personal data swirling around on ad servers and limit the granularity of user profiles.
Unique to Android, meanwhile, is a technology Google is calling the SDK Runtime, which is billed as a safer way for apps to integrate with third-party advertising SDKs that supposedly reduces the potential for covert data collection.
Work in progress
As ever, Google’s arguments are well-formulated and highly compelling. However, if previous Privacy Sandbox proposals offer any indication, privacy activists will likely take issue with at least a few elements of the Android plans once they’ve had a chance to digest them.
For example, Google was criticized recently by the company behind privacy-centric web browser Brave over its Topics API. The thrust of the argument was that Google is ill-qualified to determine what data should be classified as sensitive.
“Google says it will take care to share only ‘non-sensitive’ interests with sites. But there is no such thing as categorically non-sensitive data; there is no data that’s always safe and respectful to share,” wrote Peter Snyder, Senior Director of Privacy at Brave.
“Things that are safe to share about one person in one context will be closely guarded secrets to another. Meaningful privacy is inherently specific to both context and person. People should decide what they consider sensitive. Not Google.”
Snyder went on to claim that Topics can only be considered an improvement in comparison to the low, low standards set by Google itself. He argues that Topics represents a grievous violation of privacy by any other definition, because it is designed to “share information about you with advertisers and organizations without active permission.”
Unsurprisingly, Google disputes this characterization. But the company has also acknowledged that the complexity of the issue means early Privacy Sandbox proposals are likely to be imperfect, and so will welcome feedback from regulators and industry stakeholders.
“This is the beginning of our journey on Android. We want to share with you what we’re thinking, while being transparent that we may not have the answers to all of your questions,” said Chavez.
“But fundamentally, we believe there is a path that supports both user privacy and a healthy global ecosystem. To deliver on this objective, we need to build new technologies that provide user privacy by default, while supporting the key advertising capabilities that make it possible for developers and businesses to succeed on mobile.”