Google expands Privacy Sandbox to Android

Google plans to extend its rework of web ad technology – the optimistically named Privacy Sandbox – to Android devices in an effort to limit the misuse of data in its mobile ecosystem.

In a blog post on Wednesday, Anthony Chavez, VP of product management for Android security and privacy, described the initiative as a multiyear project to promote privacy-preserving advertising services.

“Specifically, these solutions will limit sharing of user data with third parties and operate without cross-app identifiers, including advertising ID,” explained Chavez. “We’re also exploring technologies that reduce the potential for covert data collection, including safer ways for apps to integrate with advertising SDKs.”

Launched in 2019, the Privacy Sandbox consists of a set of technical proposals to remake web advertising without privacy-compromising third-party cookies. It began to take shape a year after Google undertook Project Strobe, a rethink of Google Account and Android data access in the wake of ongoing security and privacy problems.

Essentially, the Privacy Sandbox aims to provide web advertisers with the ability to send ads to specific audiences and interests, and to know whether ads were viewed and were effective, in a way that complies with evolving privacy regimes like Europe’s GDPR and the California Privacy Rights Act.

Building the Privacy Sandbox hasn’t gone as smoothly as expected. But eventually Google expects its suite of technologies – including Topics, FLEDGE, and FLoC – will allow third-party cookies to be phased out. Its main obstacle at the moment is ad companies that prefer the not-very-private status quo: these firms are trying to convince regulators to keep web cookies alive.

Apple blazed the trail

By bringing its Privacy Sandbox to Android, Google is following in the footsteps of Apple, which upended in-app advertising on iOS devices via its App Tracking Transparency (ATT) framework.

ATT required iOS app developers to obtain opt-in permission before using the iOS device identifier, IDFA, for ad-related tracking and offered in its place the SKAdNetwork 2.0 API, effectively deprecating IDFA.

Technical changes of this sort show up on corporate balance sheets. Apple’s privacy changes are expected to cost Meta $10bn this year. Now Google, less affected by ATT than Meta, wants to do away with its advertising ID for Android.

“Google’s announcement should not come as a surprise,” said Dimitrios Katsifis, an associate with law firm Geradin Partners, in a blog post. “The writing was on the wall for mobile advertising identifiers, just like the writing was on the wall for third party cookies.”

Google’s plan also puts disreputable ad tech firms on notice. What Chavez describes as a safer way for apps to integrate with advertising libraries (SDKs) refers to pending changes in Google’s mobile operating system.

Starting in Android 13, SDKs will operate in a dedicated runtime environment called the SDK Runtime, with a separate set of permissions. In theory, this should reduce the potential for privacy violations and data abuse through third-party ad frameworks.

Google says it plans to engage with other ad industry firms and to work with regulators, a nod to the difficulty of reworking the ad technology that so many depend upon and so many despise.

The UK Competition and Markets Authority (CMA) is currently considering whether Google’s Privacy Sandbox disadvantages other online ad firms, and Google has made commitments to the CMA to make its proposals more palatable. Google says it will extend those commitments from the web to Android.

“The Privacy Sandbox on Android is an important part of our mission to raise the bar for user privacy, while giving developers and businesses the tools they need to succeed on mobile,” said Chavez. “We look forward to working with the industry on this journey.” ®