Anyone who put “Google makes its first subtle move to nix the Android Ad ID” on their 2022 bingo card gets a cookie.
Because, on Wednesday, Google finally did it. The Privacy Sandbox is coming to Android, folks.
In the short term, the Android Ad ID isn’t going anywhere. Google plans to “support existing ad platform features, including Ad ID, for at least two years” and “provide substantial notice ahead of any future changes,” said Anthony Chavez, VP of product management for Android security and privacy.
But read between the lines and it seems clear that, eventually, the Android Ad ID will be phased out in favor of a series of privacy-preserving APIs whose names will sound very familiar to anyone who’s been toiling away in the Chrome Privacy Sandbox.
Google will release developer previews of the Android proposals over the course of 2022 with a beta release scheduled by the end of the year.
“We fundamentally believe there is a path forward for the industry that includes both user privacy and supporting a healthy mobile ecosystem,” Chavez said. New technologies must combine privacy with advertising capabilities to support developers and businesses, he added.
So, what’s in it?
The Android Privacy Sandbox builds on the third-party cookie-related work already being done in the Chrome version of the Sandbox. The initial goal is to support a handful of primary advertising use cases: targeting, retargeting, attribution and measurement.
There will be mobile app versions of the Topics API (for basic, broad-based targeting), FLEDGE (for remarketing) and the Core Attribution API.
There will obviously be technical differences “given that a browser and a mobile operating system are different things,” Chavez said, but “the core use cases and design approach are aligned.”
But there is one proposal that’s unique to the Android Privacy Sandbox called SDK Runtime, which will involve what Chavez called “a new, safer way” for apps to integrate with third-party advertising-related SDKs.
“These APIs will operate without cross-app identifiers,” Chavez said.
And that’s an important distinction between the Android Privacy Sandbox and what Apple did. When Apple rolled out its AppTrackingTransparency framework for iOS 14.5 and up, it implemented a consent requirement in order to collect and share the IDFA – and did so without a lot of notice. (The mobile ad ecosystem was in freak-out mode for a year.)
As Google and partners design, build and test the proposals in the Android Privacy Sandbox, developers will still be able to use all existing platform features for at least two years. And, according to Chavez, Google will “provide substantial notice ahead of any future changes.”
Android’s approach
The overarching goal is to create APIs that limit user data sharing and reduce the potential for undisclosed data collection.
According to Google, everyone (including Google) will have to use the same Android API solutions, and no one (including Google) will have any privileged positions or special access to platform data – although first-party data will be treated differently.
Chavez said Android will let developers keep using their own first-party data without any restrictions.
“There’s an important distinction here between first-party and third-party data,” he said. “We believe that when a user shares data with a specific developer, that’s fundamentally different than when their data is exchanged between different parties.”
In that vein, Google intends to apply the same commitments that it just agreed upon with the UK’s Competition and Markets Authority for oversight of the Chrome Privacy Sandbox to its Android cousin. Those commitments include not giving preferential treatment to Google’s own sites and apps and more openly engaging with third parties throughout the development process.
Let the iterations begin
The specifics of what’s in the Android Privacy Sandbox are still very thin on the ground, but that’s because it’s early and the plan is for the proposals to develop as part of an “iterative process,” Chavez said.
Google will gather and share feedback through a testing process not dissimilar to what’s happening over on Chrome – but with one big difference.
There’s no corresponding mobile version of the World Wide Web Consortium, which was selected as the venue of choice by Chrome to host discussions about Privacy Sandbox proposals for the web.
In this case, Android will assemble its own community of developers, publishers and other companies across the ecosystem to collaborate on the proposals. Snap, Rovio and Duolingo have already signaled their support.
How’d we get here?
The release of a Privacy Sandbox for Android and intimations that the Android Ad ID will someday soonish be no more will only come as a surprise to those who weren’t paying attention.
In June, Google told developers that, by the end of 2021, it would fully obfuscate the Android Ad ID of any users that chose to opt out of tracking and personalized advertising. Previously, people were still associated with an Ad ID when they opened an app even if they’d opted out.
Now, when users opt out of ad tracking, Google zeros out their ID and notifies developers and ad tech companies to delete that information in their backend systems.
“Google’s change now is small, but significant,” Maor Sadra, CEO and co-founder of incrementality startup INCRMNTAL, told AdExchanger at the time. “It’s a signal that Google is heading in the same direction as Apple.”
Ticking timeline
Initial design proposals for the Privacy Sandbox on Android will be released this quarter with design feedback, iterations and developer previews released throughout the year.
(Developer previews are releases primarily aimed at developers so they can run tests and experiment with new features.)
After a beta test of Android Privacy Sandbox proposals by the end of 2022, scaled testing will kick off in 2023.
According to Chavez, however, the developer previews and the beta will be independent of the upcoming Android 13 release cadence (although Google plans to introduce SDK Runtime along with Android 13, which will likely come out in the autumn). The other proposals will be delivered through “existing mechanisms” Android has in place for updating products, he said.
All of the Android Privacy Sandbox proposals will be published on the Android developer site for public review.