Google has taken another step toward enabling new privacy-focused advertising solutions on Android, with the release of Privacy Sandbox as a developer preview. Originally launched in February, the initiative aims to offer developers the ability to adapt the new Privacy Sandbox within Android, which will also allow them to adapt systems to the new ad format and its APIs.
Keep in mind that this system, according to Google, was created to offer more privacy and data control to users when viewing online ads. The goal is to create a safer way for users to use the Internet, while still receiving ads targeted to their tastes.
Last year, Apple added App Tracking Transparency (ATT) to iOS. The idea behind ATT is simple: iOS mobile apps will now have to ask users for permission to access their browsing data as soon as the app in question is downloaded, right in the smartphone’s interface. Users will be able to accept or refuse to share some of their data with the application. As a result, applications will no longer be able to access the famous IDFA (IDentifier For Advertisers). The concern of some advertisers comes from there: this unique advertising identifier allowed them until now to track users, to send them ads based on their behavior related to the use of apps.
This change in the flow of data from mobile users was enough to destabilize even Facebook.
This time around, Google, which relies on targeted advertising for its business model, is preparing its own multi-year adjustment to mobile ad tracking and privacy. After starting to bet on the Privacy Sandbox, it seems that Google is preparing to expand this new system beyond desktop devices, and has also started to reach the smartphone world.
In February, Google stated:
“Mobile apps are an integral part of our daily lives. Currently, more than 90*% of apps on Google*Play are free, providing access to valuable content and services to billions of users. Digital advertising plays a key role in making this possible. But in order to ensure a healthy app ecosystem – for the benefit of users, developers and businesses – the industry must continue to evolve how digital advertising works to improve user privacy. That’s why we initially developed the Ad ID to give users more control. Over the past year, we’ve made improvements to those controls, but we think it’s important to go further.
“Today, we are announcing a multi-year initiative to create the Privacy Sandbox on Android, with the goal of introducing new, more private advertising solutions. Specifically, these solutions will limit the sharing of user data with third parties and operate without cross-application credentials, including ad credentials. We are also exploring technologies that reduce the potential for secret data collection, including more secure ways for apps to integrate with ad SDKs.
“Privacy Sandbox on Android builds on our existing efforts on the web, providing a clear path to improve user privacy without jeopardizing access to free content and services.”
A few days ago, Google reported that the first Privacy Sandbox Developer Preview is available on Android.
This new plan is supposed to replace Android’s existing ad ID, which is a user-resettable ID for each device with Privacy Sandbox that brings “new, more privacy-friendly advertising solutions.” Like Apple’s approach, it claims to limit data shared with third parties and remove cross-application identifiers, but we still don’t know exactly what technology might be implemented. The Developer Preview requires Android 13 Developer Beta.
“We recently announced the Privacy Sandbox on Android to enable new advertising solutions that improve user privacy and provide developers and businesses with the tools to succeed on mobile. Since the announcement, we’ve heard from developers across the ecosystem about our initial design proposals. Your feedback is critical to ensuring we design solutions that work for everyone, so please continue to share it via the Android Developer Site.
“Today, we’re releasing the first developer preview of Privacy Sandbox on Android, which provides a first look at the SDK Runtime and Topics API. You’ll be able to do some preliminary testing of these new technologies and evaluate how you might adopt them for your solutions. This is a Preview, so some features may not be implemented at this time, and functionality is subject to change. See the release notes for more details on what is included in the release.
Privacy Sandbox – What’s in the Developer Preview?
The Privacy Sandbox Developer Preview provides additional APIs and platform services on top of the Android 13 developer beta, including an SDK, system images, an emulator, and developer documentation. Specifically, you will have access to the following:
- Android SDK and 64-bit Android emulator system images that include the Privacy Sandbox APIs.
- Device system images for the Pixel*6*Pro, Pixel*6, Pixel*5a (5G), Pixel*5, Pixel*4 and Pixel*4a. This preliminary version is reserved for developers and is not intended for everyday or consumer use. Google is therefore only making it available as a manual download.
- Developer Guides for the SDK Runtime API and Topics.
- Sample code that illustrates the implementation of SDKs that are compatible with running and using the Topics API, available on GitHub.
- Privacy Sandbox API Reference.
Google’s argument is that it can find a way to protect user privacy better than existing solutions, while providing information for targeted advertising delivered on websites like this and in many free apps. Critics, including competitors, privacy advocates and regulators, have suggested that its approaches will harm privacy and possibly give Google an unfair advantage that hurts competition. Last year, an antitrust suit against Google by 15 state prosecutors targeted the Privacy Sandbox.
Developers who test it will get a first look at the Privacy Sandbox and Google’s Cookie Replacement Topics API – and find out how they might work in practice.
Topics, Google’s alternative to third-party advertising cookies
Google has proposed FLoC (Federated Learning of Cohorts), a project to replace cookies for interest-based targeted advertising by grouping users into groups of users with comparable interests.
In a nutshell, FLoC trades individual user tracking and fingerprinting for group (cohort) identification based on similar browsing histories of group members. FLoC essentially puts people into groups based on similar browsing behaviors, which means that only “cohort identifiers” and not individual user identifiers are used to target them. Web history and inputs for the algorithm are kept on the browser, with the browser exposing only a “cohort” containing thousands of people.
However, many privacy advocates are not convinced and see FLoC as an even worse solution than the problem it is trying to solve. In addition to potentially violating laws like the GDPR, critics also point out that FLoC collects more private data in the form of browsing history, which even tracking cookies do not. While unique individual identities can be hidden behind cohorts, the data held by browsing history can still be considered something private, especially when it will be easy to develop profiles for members of that group.
Faced with the outcry over FLoC, Google has changed its approach and made a new proposal: Topics. The idea here is that your browser will learn your interests as you move around the Web. It will keep data for the last three weeks of your browsing history.
When you access a site that supports the Topics API for advertising purposes, the browser will share three topics that interest you (one for each of the last three weeks) randomly selected from your top five topics for each week. The site can then share this with its advertising partners to decide which ads to show you. Ideally, this would be a more private method of deciding which ads to show you, and Google notes that it also gives users much more control and transparency than is currently the norm. Users will be able to view and remove topics from their lists, and also disable the entire Topics API.
Initially, Google has limited the number of topics to 300, with plans to expand them over time. Google notes that these topics will not include any sensitive categories like gender or race. To determine your interests, Google ranks the sites you visit according to one of these 300 topics. For sites it hasn’t previously ranked, a lightweight machine learning algorithm in the browser will take over and provide an estimated topic based on the domain name.
Since March, developers can test Topics in the Canary version of Chrome.