Google Announced the Privacy Sandbox Expansion to Android Apps – Our First Impressions

Last Updated on: 25th September 2023, 03:22 pm

Google has just announced that Privacy Sandbox will be expanded to the in-app environment. It is nice to see that some of my predictions for 2022 have already started to materialize in the second month of the year.

In this article you will learn about:

• The details of the Google announcement about the Privacy Sandbox expansion to Android
• What does it mean for the industry
• The possible next steps

Table of Contents:

• Our first impressions
• What did Google actually share?
• The assessment of the idea depends on the answers to some of the key questions
• What next?

Our first impressions

This news shouldn’t come as a surprise. When we read the first introduction of the Privacy Sandbox, back in 2019, we discussed internally that moving to in-app was just a matter of time, making it much broader than initially announced. Google’s later moves, like tightening the opt-out from Google Advertising ID (GAID) policies, have strengthened our convictions even more.

Our initial understanding of Google’s announcement from 2019 led us to start the Private Ads Team dedicated to co-creating the upcoming privacy-related changes in advertising. I wrote “privacy-related changes” on purpose, as they have never been just about third-party cookies and the web environment. It is clearly stated by the Information Commissioner’s Office (ICO), Elizabeth Denham, an authority that Google brings up on many occasions:

“I am looking for solutions that eliminate intrusive online tracking and profiling practices, and give people meaningful choice over the use of their personal data. My office will not accept proposals based on underlying adtech concepts that replicate or seek to maintain the status quo.”

Reading through individual proposals within the Privacy Sandbox, like Turtledove (now known as FLEDGE), FLoC (recently rebranded to Topics API), and Attribution Reporting API (also known as ARA), it was quite clear that they can be interoperable between web and app environments. They are also based on the principle of “what happens on the device, stays on the device,” which sounds very similar to what Apple heralded for years now. 

What did Google actually share?

Unlike with previous announcements, this time around Google shared significantly more material: 

• A high-level post on Google’s official blog,
• A video where Chrome engineer chats with Android engineer on the motivations leading to the announcement,
• An Android developer guide for the Privacy Sandbox,
• A dedicated subdomain for the Android Privacy Sandbox at privacysandbox.com,
• A dedicated mailing from Google’s points of contact for ad-tech players.

It shows how dedicated Google is to eventually implement the Privacy Sandbox as a new standard for digital advertising.

When it comes to the actual information provided, apart from announcing the expansion of the Privacy Sandbox to Android, Google confirmed the will to limit sharing user data across apps, including the advertising ID. This is a major blow to entities building cross-app user profiles and enriching them with external data. They will lose a key data point to identify users. 

It is worth noting that in their releases, Google acknowledges the need to address in-app advertising to support the mobile economy. In contrast, Apple significantly limited the availability of identifiers used for advertising without proposing an alternative. While significantly more complex than today’s technology, Google’s solutions will eventually lead to delivering relevant advertising to users, which will preserve the advertising effectiveness on a similar level, while improving privacy protection. One of the mechanisms aimed at improving privacy in the web Privacy Sandbox is called “Fenced Frame,” which aims to isolate the ad placement from the publisher. Plans for a similar mechanism were announced for the app environment.

Google’s approach to the app environment benefits three key stakeholders in the mobile economy. Users will benefit because they will see relevant content and ads without being identified individually. Publishers will benefit because they will be able to monetize their inventory, and advertisers because they will be able to reach the right audience.

Lastly, Google promised to support the currently existing tools for at least the next two years, to give the industry time to design, build, and test effective solutions, and move to the new reality. Importantly, beta Android Privacy Sandbox is promised to be released by the end of the year, so that there will be time for testing in the real environment.

The assessment of the idea depends on the answers to some of the key questions

Google should explain the differences between the web and app propositions. In the Android Privacy Sandbox, the ad auction will be run on the ad level and not on the interest group level. The k-anonymity mechanism is also missing. Additionally, it’s unclear to us what happened with some of the industry-proposed extensions, which were very positively received, and included in the web proposal. We believe it may be an oversight from the Android team.

When it comes to testing and the feedback in general, I’m also wondering what will be the forum for the discussion this time around. The World Wide Web Consortium (W3C), a key forum for the discussion on internet-related changes, does not interfere with the in-app environment. Perhaps an answer to that would be a new forum focusing on specific proposals, like FLEDGE or Topics API across environments. The development of the Privacy Sandbox for the web is a great example of how industry cooperation can improve the initial proposal. In that case, it was improving the original Turtledove with, among others, Product-level Turtledove and Outcome-based Turtledove, which significantly improved its usability and level playing field when implemented to the proposal’s second iteration, FLEDGE.

There’s also the regulatory aspect. Quite recently, the Competition and Markets Authority (CMA) accepted Google’s final commitments on the development of the Privacy Sandbox. In their blog post, Google claims to apply them to the in-app extension as well. It is yet unclear if the commitments clarify every aspect of the change in this environment.

What next?

Moving away from user-level targeting was the only option to meet the privacy requirements so important in today’s digital ecosystem. We are glad that Google focused on providing an alternative on Android and we will certainly engage in refining it. As one of the most active contributors to the web-based Privacy Sandbox, we feel much better positioned to advocate for the needs of our clients in the mobile environment than other adtech players without such an experience.

We are also waiting on Apple to start a similar initiative to support the market needs, and not only focus on its limited advertising solutions.

If you have any questions, comments or issues, or you’re interested in meeting with us, please get in touch.