Upcoming Android privacy changes include ability to blank advertising ID, and 'safety section' in Play store

New policies give users more control, but ad tracking still on by default

Google has shared details of upcoming changes to Android including the ability to blank a device's advertising ID, and a new safety section for apps in the Play store.

The advertising ID is an identifier unique to an Android device which is supplied by Google Play Services. Since every app on that device can retrieve the same ID, it can be used for profiling the user of the device. Users can set an option to "Limit ad tracking", and the API that supplies the advertising ID also indicates whether the user has opted out, but respecting this option is on a trust basis.

Privacy advocate Max Schrems filed a legal complaint against Google last year, arguing that the advertising ID is personal data and that the option to reset it, which automatically creates a replacement ID, was "like cancelling a contract only under the condition that you sign a new one."

Why supply the advertising ID at all if the user wishes to limit ad tracking? Google has accepted this idea, and director of product management Krish Vitaldevara posted that "when users opt out of interest-based advertising or ads personalization, their advertising ID will be removed and replaced with a string of zeros."

Developers were informed of the upcoming change last month. The change will be implemented by an update to Google Play Services on the device, and will affect Android 12 devices from late this year, and "all apps running on devices that support Google Play" in early 2022.

There is also a new feature whereby when a user deletes their advertising ID, developers will receive a notification "so they can promptly erase advertising IDs that are not in use."

Are there other ways of uniquely identifying a device? There are, including the hardware IMEI, the serial number, the Wi-Fi or Bluetooth MAC address, and the Android ID. Vitaldevara said that Google is "prohibiting linking persistent device identifiers to personal and sensitive user data or resettable device identifiers."

Once again it is a matter of trusting the vendor, though Android permissions play a role here too. Apps that ask for permissions that appear to have nothing to do with their functionality should give users pause for thought. Note Android 12, currently in beta, has fixed a long-standing complaint, that apps scanning nearby Bluetooth devices need location permissions. This is not the case in Android 12.

That said, Google is also introducing a new device identifier, called the app set ID, which will be the same for all apps on a device that are published by the same developer. This is intended for "analytics or fraud prevention." Vitaldevara said that "you cannot use app set ID for ads personalization or ads measurement." Developers can only use the advertising ID for this, and further, apps "primarily directed to children" are not allowed to collect the advertising ID.

Google's preview of the forthcoming Safety Section in Play store

Google's preview of the new safety section in Play store

The safety section is an upcoming addition to the Play store and "ultimately, all Google Play store apps will be required to share information in the safety section," said Suzanne Frey, VP Android security and privacy. The deadline for this is April 2022. It will show what type of data is collected, such as location, contacts, personal information, and so on. It will also show how data is used and whether data collection is optional or required. All developers must provide a privacy policy, even if their apps collect no personal data. Frey added that Google "learned that users care about whether their data is shared with other companies, and why."

While these changes will no doubt be welcomed by those who care about their privacy, note that the advertising ID will be present by default, unlike Apple's changes in iOS 14.5 which require developers to ask users to opt into tracking across apps and websites. Figures collected by analytics company Flurry show an opt-in rate of just 13 per cent across apps, gradually increasing as more users respond to prompts. The opt out is likely to have much less impact.

If Google is imposing these restrictions on developers of apps using its platform, is it also imposing them on itself? Currently, Google's privacy policy (which applies to Android as well as other services) states that "the information we collect includes unique identifiers" as well as "which apps you've installed." The policy also states that "we use the information we collect to customize our services for you, including providing recommendations, personalized content, and customized search results" and that "depending on your settings, we may also show you personalized ads based on your interests," though there are per-browser settings to disable ad personalisation. A common complaint is that identifying exactly how Google uses the data it collects is beyond challenging.

Doubts remain, both over how effective these new privacy controls will be at curbing ad tracking on Android, and whether Google's changes will also happen to give the company a further advantage over its competitors. In its latest financial statements for calendar Q2, Google's parent company Alphabet reported quarterly revenue from advertising of $50.44bn from $61.8bn total revenue. ®

Similar topics

Other stories you might like

  • Tesla driver charged with vehicular manslaughter after deadly Autopilot crash

    Prosecution seems to be first of its kind in America

    A Tesla driver has seemingly become the first person in the US to be charged with vehicular manslaughter for a deadly crash in which the vehicle's Autopilot mode was engaged.

    According to the cops, the driver exited a highway in his Tesla Model S, ran a red light, and smashed into a Honda Civic at an intersection in Gardena, Los Angeles County, in late 2019. A man and woman in the second car were killed. The Tesla driver and a passenger survived and were taken to hospital.

    Prosecutors in California charged Kevin George Aziz Riad, 27, in October last year though details of the case are only just emerging, according to AP on Tuesday. Riad, a limousine service driver, is facing two counts of vehicular manslaughter, and is free on bail after pleading not guilty.

    Continue reading
  • AMD returns to smartphone graphics with new Samsung chip for your pocket computer

    We're back in black

    AMD's GPU technology is returning to mobile handsets with Samsung's Exynos 2200 system-on-chip, which was announced on Tuesday.

    The Exynos 2200 processor, fabricated using a 4nm process, has Armv9 CPU cores and the oddly named Xclipse GPU, which is an adaptation of AMD's RDNA 2 mainstream GPU architecture.

    AMD was in the handheld GPU market until 2009, when it sold the Imageon GPU and handheld business for $65m to Qualcomm, which turned the tech into the Adreno GPU for its Snapdragon family. AMD's Imageon processors were used in devices from Motorola, Panasonic, Palm and others making Windows Mobile handsets.

    Continue reading
  • Big shock: Guy who fled political violence and became rich in tech now struggles to care about political violence

    'I recognize that I come across as lacking empathy,' billionaire VC admits

    Billionaire tech investor and ex-Facebook senior executive Chamath Palihapitiya was publicly blasted after he said nobody really cares about the reported human rights abuse of Uyghur Muslims in China.

    The blunt comments were made during the latest episode of All-In, a podcast in which Palihapitiya chats to investors and entrepreneurs Jason Calacanis, David Sacks, and David Friedberg about technology.

    The group were debating the Biden administration’s response to what's said to be China's crackdown of Uyghur Muslims when Palihapitiya interrupted and said: “Nobody cares about what’s happening to the Uyghurs, okay? ... I’m telling you a very hard ugly truth, okay? Of all the things that I care about … yes, it is below my line.”

    Continue reading

Biting the hand that feeds IT © 1998–2022