Google extends Privacy Sandbox proposals to Android

On February 17, 2022 ad tech matters, android, attribution, google, privacy sandbox, Programmatic

Google have now announced that the Privacy Sandbox proposals approach that they have been developing for web-based environments (Chrome) has been extended to include in-app environments (Android). This news compounds upon the limitations on ad tracking experienced by the industry last year when Apple released App Tracking Transparency (ATT) as well as several other new privacy features within various updates to the iOS mobile operating system on their devices.

Google had very recently provided a number updates on their key Privacy Sandbox proposals for the web (click here for an overview) and some of the proposals are the same, or at least similar. Importantly the approach for Android also aligns with industry being given the opportunity to digest, test and feedback on the various proposals as they evolve.

As for the key details (x4) on the initial proposals, some timings (including on GAID) and how to participate see below:

The key proposals

Topics API – this proposed approach to enabling cross-site interest-based advertising without cross-app or device identifiers (including Google’s Advertising ID) fully aligns with the proposals for web – which we covered here. It’s essentially an upgrade to the previous FLoC proposal to a simpler privacy-safe version of inferred behavioural targeting.

Attribution Reporting API – designed to enable both click-through and view-through conversion attribution measurement without cross-app or device identifiers (e.g. GAID). Again this fully aligns with the proposals for web and we provide a general introduction here to this key set of proposals, a summary of recent updates and some information on forthcoming trials and testing for industry participation – which we strongly advise our members to commit to sooner rather than later.

FLEDGE on Android – this proposal aligns with the proposed approach for web (click here for more info) by enabling re-marketing based on custom audiences defined by app developers and the previous interactions within their app. This information and associated ads are stored locally, so that no individual identifiers are shared with external parties. The process for Android encompasses two APIs for ad tech platforms and advertisers to support common interaction-based use cases.

Custom Audience API : This is centered on the custom audience abstraction, which represents an advertiser-designated audience with common intentions. Audience information is stored on-device and can be associated with relevant candidate ads for the audience and arbitrary metadata, such as bidding signals. The information can be used to inform advertiser bids, ad filtering, and rendering.

Ad Selection API : This provides a framework that orchestrates ad tech platforms’ workflows that leverage on-device signals to determine a winning ad by considering candidate ads stored locally, and performing additional processing on candidate ads that an ad tech platform returns to the device.

image source: Google

SDK Runtime – this proposal intends to provide an isolated process for third-party advertising code to run separately from an app’s code. This will limit the app and user data that advertising providers and platforms have access to, providing greater security and privacy protection by providing the ability to restrict or disable an SDK without impacting the app functionality.

Similar to the way in which apps are sandboxed, Google aims to provide a means of sandboxing SDKs within apps – and plans to introduce SDK Runtime into Android 13.

SDK Runtime also features a novel distribution mechanism enabling SDK developers to make non-breaking changes to their SDKs and distribute to devices, without any involvement from app developers.

image source: Mobile Dev Memo

Android / Google Advertising ID

Importantly it’s worth noting that Google’s Advertising ID will not be removed for at least another two years, giving everyone time to fully test for the alternative approaches. However some privacy features were introduced late last year (click here for more info) ensuring that the advertising ID is removed when a user opts out of personalisation using advertising ID in Android settings. Any attempts to access the identifier results in a string of zeros instead of the identifier.

Next steps & recommendations

Whilst the intentions for prioritising consumer privacy are obviously critical, the impact on both publishers and marketers should not be underestimated in terms of targeting, measurement and attribution across all devices. We strongly recommend that our members fully engage in the process of reviewing all the initial design proposals, participate in any available testing processes (whether directly or via key tech partners) and share feedback on the dedicated developer sites.


After a beta testing phase through 2022, the Android Privacy Sandbox proposals will be finalised by the end of 2022, with scaled testing will kick off in 2023. IAB Australia will be providing more information and guidance on this as the various Privacy Sandbox proposals evolve.

image source: Google