The Rundown: What you should know now that Google is bringing its Privacy Sandbox to Android

First, let’s go through the facts as we know them now that the biggest online advertising company on the internet brings further restrictions to mobile advertising identifiers, or MAIDs, to the most widely used mobile OS on the planet.

• Google will introduce Privacy Sandbox features on Android with initial design proposals expected this quarter.
• Design and feedback iterations to take place throughout 2022.
• A beta launch is expected by the end of this year.
• “Scaled testing” will take place in 2023.

Google will support the Android AdID for “at least two years” and provide the industry with “substantial notice” of any future changes, according to Anthony Chavez, vp of product management, Android security & privacy at Google.

During a media briefing earlier this week, he further attempted to reassure attendees that the planned Android privacy overhaul will apply equally to all parties with “no special or privileged access to platform data for anyone.”

Additionally, Chavez further went on to explain how Google distinguishes between first and third-party data with the former deemed “fundamentally different” than when an Android device user’s data is exchanged between “different parties”.

He added, “We’ll continue to support first-party use cases on Android while we build these new solutions that reduce the need for third-party data sharing.”

So, what’s in store?

The rollout will build upon the Privacy Sandbox proposals that Google has been experimenting with and submitting for approval by industry peers, not to mention regulators, since 2020. Ultimately, Privacy Sandbox seeks to establish a set of technical standards that will enable ad targeting and measurement on the web post — and now on the Android mobile operating system — after the retirement of traditional targeting tools such as third-party cookies.

“Specifically, these solutions will limit sharing of user data with third parties and operate without cross-app identifiers, including advertising ID,” wrote Chavez in a blog post. “We’re also exploring technologies that reduce the potential for covert data collection, including safer ways for apps to integrate with advertising SDKs.”

Google’s Chavez further highlighted how “we believe that it’s critical to work closely with the industry with these new technologies to develop new “privacy-preserving APIs” that “won’t rely on cross-app identifiers.”

The planned APIs intend to enable key marketing functions such as attribution reporting, conversion measurement, ad personalization (including ad retargeting) in a manner similar to the use cases it has already proposed with its Privacy Sandbox proposals on the desktop open web.

“One thing we’re proposing that is unique to Android is what we’re calling the SDK runtime,” added Chavez. “We’re proposing a new safer way for apps to be able to integrate with third-party, advertising-related SDKs and we think this could be a big step forward for reducing the potential for covert data collection and sharing.”

What now for the Android OS ecosystem?

Some will fear that Google’s announcement to restrict access to the Android MAID sounds eerily familiar to Apple’s moves to restrict access to its advertising identifier, IDFA, a development that has caused no end of rancor in the iOS ecosystem in recent years.

Chavez is keen to highlight how Google’s collaborative approach contrasts with the “blunt approach” of other platforms (read Apple) adding that developers can now review the initial design proposals and share feedback on the Android developer website.

A recent blog post by ad tech investor Ciaran O’Kane, founding partner of First Party Capital, noted how the rumors of such an announcement by Google have been circulating for weeks.

He went on to add, “The industry right now reminds me of Tom Hanks in [the feature film] Cast Away, clinging to wreckage in the open ocean, hoping to get back to civilization… and slowly going mad.

“The way out of this mess is reinvestment in measurement and targeting that are not reliant on legacy third-party cookies and MAIDs.”

No doubt, mobile measurement providers and advertisers, some of whom are already feeling the pinch of earlier MAIDs-restrictions dictated by Google, will want to further interrogate Google’s planned rollout.

Charles F. Manning, CEO of mobile measurement firm Kochava, noted how Google has a history of collaborating with the ecosystem to ensure that the final solution addresses various constituents in the value chain. 

“The assumption in the market may be that this is a land-grab, perpetrated by Google, for control of data,” he added. “At face value, we don’t believe that to be the case… the last 10 years have brought near-ubiquitous access to mobile computing to consumers and the OS-providers are naturally innovating to enable more configurability to balance capabilities delivered via mobile devices and the privacy controls related for consumers.”

Meanwhile, Alex Austin, CEO of Branch — a company that helps apps with measurement and user growth — told Digiday that while such privacy measures are welcome privacy enhancements, less scrupulous actors may seek to take advantage of potential loopholes.

“The Google AdID is a very reliable and accessible identifier,” he said. “But when you move to these more restrictive methods, what happens is that all the shady companies (not Branch, of course) try to find alternative workarounds to the MAID but with methods the user doesn’t have any control over, ultimately hurting end-user privacy.”