Press "Enter" to skip to content

‘The Devil Is in the Details’

Tech Experts Skeptical Over Google’s ‘Private by Design’ Android Update

By Robert Bateman

Google claims a planned update to its Android operating system will promote privacy and transparency and offer users more control over their data. But tech experts told Digital Privacy News that the measures might be just an attempt to keep regulators at bay — and play “catch up” with rival Apple.

“These companies in the tech sector, for the past 20 years or so, have been making unfathomable amounts of money from monetizing data about internet users and selling advertising against it,” said Nathalie Maréchal, senior policy analyst at Ranking Digital Rights (RDR), a research group in Washington.

“The changes don’t include anti-tracking tech, which is a big negative.”

Karen Gullo, Electronic Frontier Foundation.

“They are seeing the privacy pushback,” she continued. “They see that regulation is coming — and they’re hoping that by reforming their business a little bit, they’ll be able to stave off the threat of regulation.”

Google did not respond to a request for comment from Digital Privacy News.

‘Ambitious Privacy Release’

The changes were first announced at the Google I/O conference on May 18 and will form part of the Android 12 update later this year. New features will include a “privacy dashboard,” more control over the collection of location data and tighter restrictions on app permissions.

According to a post that day on the Android developer blog, the plans represent Android’s “most ambitious privacy release to date.”

Karen Gullo, an analyst at the Electronic Frontier Foundation (EFF), noted some positive elements to Google’s proposals, including the “privacy dashboard, which shows which apps accessed which data.” 

Gullo also identified some other privacy benefits, including “separating Bluetooth access from location access, providing visual indicators when your camera or microphone are in use, and offering approximate location instead of only precise location.

“Privacy by design should be thought of as a process, rather than a product.”

Lukasz Olejnik, researcher and consultant.

“But the changes don’t include anti-tracking tech,” Gullo told Digital Privacy News, “which is a big negative.”

The lack of any restrictions on “tracking” distinguished Google’s plans from Apple’s recent privacy-focused changes, released to iPhone users on April 26.

Apple’s policy forced developers to obtain users’ permission before tracking their activity across third-party apps and websites.

“Google is not going quite as far as Apple is,” RDR’s Maréchal said, pointing out that Google’s business model might be the reason why it was not proposing tracking restrictions. 

“Google makes the bulk of its money from advertising,” she explained. “But for Apple, that’s a small — though growing — part of its income.

“So, Apple is able to be much stricter in limiting the amount of data that it collects, or allows third parties to collect,” Maréchal said. “Whereas Google can’t turn off the tap completely because that’s how it makes money.”

‘Secure by Default’

Nonetheless, Google described Android 12 as “secure by default and private by design” in a May 18 product update — a claim that provoked skepticism from independent privacy researcher and consultant Lukasz Olejnik.

“I would not call these measures a ‘privacy-by-design’ stack,” Olejnik told Digital Privacy News.

“Privacy by design should not be linked to any particular commercial product,” he said. “Privacy by design should be thought of as a process, rather than a product.”

“They’re hoping that by reforming their business a little bit, they’ll be able to stave off the threat of regulation.”

Nathalie Maréchal, Ranking Digital Rights.

Olejnik said Google’s changes were “long overdue,” and noted that he had been calling for some of the planned features — such as the log of apps that had accessed the device’s camera, microphone and location. 

“However, the devil is in the details,” Olejnik said. “For example, will there be a separate transparency log for the sensors used by the Chrome web browser, on a per-website basis? 

“If not, then I am afraid that such a feature would be incomplete.”

Robert Bateman is a writer in Brighton, U.K.