A Closer Look at the Android Privacy Sandbox


For a while it seemed that Google was being somewhat reactive on the privacy battleground. It had let Apple lead the way when it came to enacting stricter mobile app permissions and putting privacy first. Now, Google has finally made a move to retake the leadership position on the issue of privacy by announcing a set of proposals it calls the Android Privacy Sandbox, which are designed to create a new approach to personalized advertising in a privacy-centric era. This work is an extension of efforts Google has made for its Chrome browser and, if there isn’t another FLoC-sized flop, it will be ready for initial testing by the end of this year.

Note: Google has left itself a lot of wiggle room regarding when these proposals will actually be implemented. They are clearly not interested in rocking the advertising boat too much. This means that it may take a while for this framework to actually materialize.

As proud champions of personalization-with-privacy, we eagerly reviewed these proposals and here are some of our key takeaways:

1. Privacy First

All the Android Privacy Sandbox proposals reflect that Google has recognized the obvious truth: users are entitled to tighter restrictions on the level of access advertisers have to their personal data. Google proposes to place itself in between the end-user and the ad-SDKs, at least when it comes to data related to users’ personal app or web navigation habits. They are indeed trying to bridge the needs of the advertisers with the rights of the users. This is significant since advertising revenue is the lifeline of Google and even minor disruptions can result in billions in lost revenue. Analysis: Google should be commended for this initiative, even though it may solidify its hold on the ecosystem even further.

2. Keeping the data on the device

It looks like Google has accepted that it is much better for users that their data is processed locally (on the device or in the browser) as opposed to being sent to the cloud for processing, collection and sharing. Being firm believers in intelligent data processing and machine learning on the edge device (a.k.a. Edge AI) as the solution for reversing the personalization paradigm, we obviously applaud them for coming round on this key aspect of privacy. According to Google’s proposals, they will be the ones to process users’ app and web actions. The insights they generate will then be made available for companies and 3rd parties to use for targeting ads and promotional material. Analysis: It’s a great move and it’s about time they made it. Edge AI is the only real solution to allow privacy and personalization to coexist.

3. Personalization

The Android Privacy Sandbox proposals combine two forms of segmentation that can be used for targeting users. The first is Interest-Based Advertising (IBA), using a list of 3 Topics selected randomly from a list generated by processing the user’s most recent web and/or app navigation to detect interest. This can be shaky because it depends on a substantial quantity of Topics to enable high granularity and the current proposal promises only “hundreds to thousands” of Topics. The second is Custom Audiences, which apps/sites can use for retargeting based on users’ behavior in their own app.

Unfortunately, these types do not take into account the individual context, daily routine, or the depth of the user’s Persona. How well do just three topics describe you? Analysis: There are many valuable first-party insights that can be generated on the device using non-personally identifiable data that Google cannot reflect with the Privacy Sandbox. The result is a rather shallow view of the user. It is a nice start, though.

4. Transparency breeds trust

We were happy to see that Google’s proposals have finally recognized the importance of transparency in a customer relationship. Too many companies are OK with a unilateral model in which they collect data and make use of it in ways that users are unaware of. It is encouraging that the proposals allow for end-user control over the Topics and the apps that use them. It is unfortunate, however, that these controls are still vaguely assigned to an unspecified future version. They are not part of the initial scope. Analysis: The theory is good, but we’ll hold the congratulations until we see something actually being planned and demonstrated.

5. Transactional vs. Relational

Google has proposed the Android Privacy Sandbox to address advertising use cases, targeting users on an ad-hoc basis. This is great when brands and companies are reaching out to new audiences and new customers. These interactions are transactional, singular in nature. Even when used for retargeting, the proposal addresses the bare minimum of familiarity, based primarily on what users have done and not on who they are. Brands and companies can do better when it comes to repeat customers by cultivating their relationships with those customers.

Brands gain a direct, organic communication channel with which they can engage with customers on a non-transactional basis. They can leverage their mobile apps to create and strengthen that relationship to offer personalized experiences without any middlemen. Analysis: If you must pay for user acquisition and new business, this framework holds promise. However, brands and companies will save a lot of money on retention and retargeting if they implement their own privacy-centric solutions and build their own Customer Relationships. Using Edge AI implemented in the app itself can allow you to enjoy both worlds. Engage your existing customers organically, using rich segmentation with full privacy. In parallel, new customer acquisition can be addressed using the Privacy Sandbox APIs.

And finally: Google vs. the Ecosystem

For taking on the challenge of fixing the advertising ecosystem, we have to give Google credit where credit is due. This can be a win all around for brands, advertisers and end-users alike. However, it would be naive of us not to address the fact that these proposals, if and when they are implemented, seem to reaffirm Google’s stranglehold on the core of the advertising ecosystem. The revenue streams of the advertising, retargeting, measurement and attribution APIs will all flow through Google. This will essentially place their hand on the controls of the floodgates. Analysis: This would not be the first time a market behemoth threw its weight around to tilt the landscape in its favor. In the coming months, it will be extremely interesting to gauge the industry’s reaction to these proposals.


We anticipate the introduction of additional initiatives that seek to enable personalization with increased privacy. Over time, just like Google, the rest of the market will realize that the privacy endgame is for all personal data to be processed and kept on the device. Don’t wait for them to catch up. Check out how using Edge AI can deliver rich personalization with full privacy.

To learn more about how Anagog’s solutions can increase transparency and eliminate the need to collect private information, contact us.