Google Bringing Privacy Sandbox to Android to Limit Sharing of User Data

Google on Wednesday announced plans to bring its Privacy Sandbox
initiatives to Android in a bid to expand its privacy-focused, but
also less disruptive, advertising technology beyond the desktop
web.

To that end, the internet giant said it will work towards
building solutions that prevent cross-app tracking à la Apple’s App
Tracking Transparency (ATT^[1]) framework, effectively
limiting sharing of user data with third-parties as well as
eliminating identifiers such as advertising IDs on mobile
devices.

“The Privacy Sandbox on Android builds on our existing efforts
on the web, providing a clear path forward to improve user privacy
without putting access to free content and services at risk,”
Anthony Chavez, vice president of product management for Android
security and privacy, said^[2].

Privacy
Sandbox^[3], launched in 2019, is
Google’s umbrella term for a set of technologies that will phase
out third-party cookies and curb covert tracking, like fingerprinting^[4], by reducing the amount
of information sites can access in order to keep tabs on users’
online activities.

But unlike Apple’s ATT, which requires all apps to ask for
user’s explicit consent before tracking them across other apps and
websites, the new multi-year project aims to strike a balance by
offering privacy-preserving ways to enable mobile advertising while
simultaneously adopting restrictions to curtail tracking across
apps.

Apple’s anti-tracking changes on iOS and iPadOS are expected to
cost ad-driven companies like Meta Platforms $10 billion in revenue
in 2022, with the social media firm calling^[5]
it a “pretty significant headwind for our business.” Google also
dubbed ATT as a “blunt” approach that can be ineffective and could
“lead to worse outcomes for user privacy and developer
businesses.”

That said, the Alphabet-owned company said it intends to support
the existing identifier-based ads platform for at least two more
years and give the industry substantial notice prior to any future
changes. A beta version is scheduled for release by the end of the
year.

The development comes as Google last year tightened its policies^[6]
surrounding the use of advertising ID, rendering it unavailable to
developers should users opt out of receiving interest-based ads or
ads personalization. The change is expected to roll out^[7]
to all Android phones on April 1, 2022 via a Google Play Services
update.

The identifier is a unique, user-resettable string of digits
that’s connected to an individual device, permitting ad-tech
companies to infer users’ interests from their online behaviors and
activities across different apps.

In addition, Google will require that apps declare the
“com.google.android.gms.permission.AD_ID” permission to query the
advertising identifier on devices running versions Android 12 and
above, at the same putting it out of reach of apps that target
children.

The new system is also expected to include a FLEDGE API^[8]
for Android that tracks users’ behavior inside an app and slots
them into groups for “custom audience targeting.” Furthermore,
Google is debuting what it calls the SDK Runtime^[9]
to “reduce undisclosed access and sharing” of a user’s app data and
usage by third-party SDKs.

The ad-tech overhaul arrives a week after the U.K. Competition
and Markets Authority (CMA) gave^[10] its stamp^[11] of approval^[12] to the company’s
efforts to develop the Privacy Sandbox initiative across the web
and apps on Android and design it in a manner that addresses
competition concerns and benefits consumers.

Google’s sweeping change for app-tracking replacement on mobile
is similar to its proposal to drop third-party cookies on the web,
in a shift mirroring that of Apple Safari and Mozilla Firefox, both
of which have blocked third-party cookies by default in recent
years.

But the move attracted significant opposition^[13] from regulators^[14] and privacy advocates
alike for being too opaque, prompting the company to delay the
change to late 2023 and discontinue its controversial FLoC^[15]-based approach for
interest-based advertising in favor of a new Topics API^[16].

“With the Topics API proposal, the browser would infer topics^[17] for a user based on
their browsing activity during a period of time known as an epoch,
currently proposed to be one week,” the company said^[18]. “The topic selected
for each epoch would be randomly selected from the user’s top five
topics for that time period.”

Thus when users visit a site that supports the Topics API for ad
purposes, the browser will share a rotating subset of three topics
they are interested in — one for each of the three last weeks —
selected randomly from the pool of top five topics, which can then
be shared by the website with its advertising partners to serve
relevant ads.

Topics also addresses one of the biggest issues with FLoC by not
only preventing ad providers from knowing which sites users have
browsed, but also from leaking more information than the current
third-party cookie system by enabling marketers identify users
through other means like IP address and log their cohort
participation over time.

Google said its goal with Privacy Sandbox on Android is to
create “privacy enhancing advertising solutions, where users know
their information is protected, and developers and businesses have
the tools to succeed on mobile.”