Mobile apps have become a fundamental part of people's lives. Currently, over 90% of the apps on Google Play are free, providing access to valuable content and services to billions of users. Digital advertising plays a key role in making this possible. But in order to ensure a healthy app ecosystem — benefiting users, developers and businesses — the industry must continue to evolve how digital advertising works to improve user privacy.
Three years ago, Google announced the Privacy Sandbox initiative to help improve user privacy on the web. Our proposal is to bring the Privacy Sandbox to Android, providing a clear path forward to improve user privacy without putting access to free content and services at risk.
Our goal with the Privacy Sandbox on Android is to develop effective and privacy-enhancing advertising solutions, where users know their privacy is protected, and developers and businesses have the tools to succeed on mobile. While we design, build and test these new solutions, we plan to support existing ads platform features — including advertising ID — for at least two years, and will provide substantial notice ahead of any future changes.
To achieve this goal, the Privacy Sandbox on Android proposes two key solutions: an SDK Runtime and a set of privacy-preserving APIs.
SDK Runtime
The Android platform uses the concept of app sandboxing to maintain robust execution and security boundaries for app code, along process boundaries. It's a common practice for apps to include third-party code, often in the form of SDKs such as ads SDKs or analytics SDKs. This reuse enables app developers to focus on their app's differentiation while leveraging the work of subject-matter experts to scale their execution beyond what they could easily do on their own.
In Android, SDKs are executed within the host app's sandbox and inherit the same privileges and permissions as their host app, as well as access to the host app's memory and storage. While this architecture enables SDKs and apps to integrate flexibly, it also creates the potential for undisclosed user data collection and sharing. Moreover, app developers may not be fully aware of the extent of a third-party SDK's functionality and the data it accesses, making it challenging to account for the data collection and sharing practices of their app.
In Android 13, we plan to add a new platform capability where third-party SDKs can run in a dedicated runtime environment. The SDK Runtime would have a modified execution environment and well-defined permissions and data access rights for SDKs, providing stronger safeguards and guarantees around user data collection and sharing.
Learn more about the SDK Runtime in the design proposal.
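To make the new trust boundary concrete, here is an added example; it is not code from this page or from the Privacy Sandbox project. It assumes the `android.app.sdksandbox` API of the Android 13 developer preview (`SdkSandboxManager.loadSdk`, `SandboxedSdkProvider`, `SandboxedSdk`, and a `<uses-sdk-library>` entry in the host app's manifest). The SDK name `com.example.ads`, the `AdsSdkProvider` class and the `AdsSdkBinder` interface are hypothetical placeholders.

```kotlin
// Added illustration for this page; not code from the Privacy Sandbox project.
// Assumes the android.app.sdksandbox API of the Android 13 developer preview.
// "com.example.ads", AdsSdkProvider and AdsSdkBinder are hypothetical names.
import android.app.Activity
import android.app.sdksandbox.LoadSdkException
import android.app.sdksandbox.SandboxedSdk
import android.app.sdksandbox.SandboxedSdkProvider
import android.app.sdksandbox.SdkSandboxManager
import android.content.Context
import android.os.Binder
import android.os.Bundle
import android.os.IBinder
import android.os.OutcomeReceiver
import android.util.Log
import android.view.View

// ---- SDK side. This class is instantiated inside the SDK Runtime process,
// not inside the host app's process: the app's private files, memory and
// permissions are not reachable from here, and the SDK gets its own Context.
class AdsSdkProvider : SandboxedSdkProvider() {

    override fun onLoadSdk(params: Bundle): SandboxedSdk {
        // Storage here belongs to the SDK Runtime, not to the host app.
        Log.i("AdsSdk", "SDK storage: ${context.filesDir.absolutePath}")

        // The only path back to the app is the Binder returned here; every
        // capability the SDK offers the app is a method on this IPC surface.
        return SandboxedSdk(AdsSdkBinder())
    }

    // Ad views are created in the runtime process and composited into the
    // app's window by the platform, so the view never lives in the app process.
    override fun getView(windowContext: Context, params: Bundle, width: Int, height: Int): View {
        return View(windowContext)
    }
}

// Hypothetical IPC surface. A real SDK would implement an AIDL-generated Stub;
// a plain Binder is enough to show where the boundary sits.
class AdsSdkBinder : Binder()

// ---- App side. The host app does not link the SDK's code into its own
// process; it asks the platform to load the SDK declared in its manifest
// (<uses-sdk-library android:name="com.example.ads" .../>) into the runtime
// and receives only an IBinder in return.
class MainActivity : Activity() {
    private var adsSdk: IBinder? = null

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        val manager = getSystemService(SdkSandboxManager::class.java)
        manager.loadSdk(
            "com.example.ads",   // hypothetical SDK name from the manifest
            Bundle(),            // app-chosen parameters handed to onLoadSdk
            mainExecutor,
            object : OutcomeReceiver<SandboxedSdk, LoadSdkException> {
                override fun onResult(sdk: SandboxedSdk) {
                    // All further interaction crosses this Binder, which the
                    // platform mediates and the app can audit.
                    adsSdk = sdk.getInterface()
                }

                override fun onError(e: LoadSdkException) {
                    // Runtime unavailable or SDK refused to load: the app keeps
                    // running without the SDK's capabilities.
                    Log.w("App", "SDK load failed", e)
                    adsSdk = null
                }
            }
        )
    }
}
```

The security-relevant change is where the code runs. In the in-process model of the previous paragraph, `AdsSdkProvider` would share the app's UID, memory and storage with no interposition point; in the runtime model, the `IBinder` returned from `loadSdk` is the entire surface between app and SDK, so an auditor can enumerate what data the app sends across it and what the SDK can ask for, and the runtime's own permissions are declared separately from the app's. Treat anything the app passes through that Binder as data leaving the app's sandbox.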
Privacy-preserving APIs
In order to support core advertising use cases without reliance on cross-app identifiers, the Privacy Sandbox on Android proposes a set of APIs that enable ads personalization and measurement in a more private way.
These APIs protect user privacy through a combination of techniques such as retaining selected private data and processing it on-device, aggregating and randomizing data, and on-device ad selection. These API designs align closely with the corresponding efforts by the Privacy Sandbox for the Web to ensure consistency in the approach and the desired outcome, while taking into account the differences in browser and app technologies.
The initial design proposals include three core use cases:
- Topics infers coarse-grained interest signals, called topics, based on the apps on a user's device. Advertising SDKs may use these topics as an input to serve ads to relevant users.
- Protected Audience introduces a new way to show ads based on "custom audiences" defined by app developers and the interactions within their app. The solution stores this information and associated ads locally, and provides a framework to orchestrate ad selection workflows.
- Attribution Reporting supports the measurement of conversions, machine learning optimization use cases like predicted conversion-rate model building, and invalid activity detection.
The SDK Runtime and privacy-preserving APIs will be developed as part of the Android Open Source Project, providing transparency into the design and implementation of these solutions.
Android will collaborate with the entire industry and app ecosystem on the journey to a more privacy-first mobile platform, and one which supports a rich diversity of value exchange that benefits users, developers, and advertisers. As the Privacy Sandbox on Android evolves, we will ensure that frequent updates are provided and the entire ecosystem will be able to provide feedback on the proposals.