The upcoming version of the Android operating system is taking a strong focus on privacy, but the Electronic Frontier Foundation (EFF) believes it could still do better. Despite Android Q’s efforts to protect users, the EFF says the operating system still favors ad trackers over users.
Android Q’s new privacy features include: user control over app access to device location, new limits on access to files in shared external storage, restrictions on launching activities, and restrictions on access to the device’s hardware and sensors.
“Android Q extends the transparency and control that users have over data and app capabilities,” Google wrote on its website.
“However, in at least one area, Q’s improvements are undermined by Android’s continued support of a feature that allows third-party advertisers, including Google itself, to track users across apps. Furthermore, Android still doesn’t let users control their apps’ access to the Internet, a basic permission that would address a wide range of privacy concerns,” Bennett Cyphers, engineer for the EFF, wrote in a post.
According to Cyphers, while Android Q has new restrictions on non-resettable device identifies, it will allow unrestricted access for its own tracking identifier. “As of the latest release, Google encourages ad trackers to eschew other device identifiers, like IMEI, in favor of the ad ID. Facebook and other targeting companies allow businesses to upload lists of ad IDs that they have collected in order to target those users on other platforms,” he wrote.
In addition, while the operating system does feature a “opt out of ad personalization” checkbox, Cyphers explained there are no actual technical safeguards to enforce this.
“On Android, there is no way for the user to control which apps can access the ID, and no way to turn it off. While we support Google taking steps to protect other hardware identifiers from unnecessary access, its continued support of the advertising ID—a “feature” designed solely to support tracking—undercuts the company’s public commitment to privacy,” he wrote.
In order to address this, Cypher explained that the advertising ID should not be a default setting and users should be provided with an easier way to turn it off. Cypher also noted that while Apple’s iOS has similar identifiers for advertisers that contradict with its privacy campaign, it does enable users to turn off the tracking.
“This should be simple. If an app doesn’t need access to the Internet, it shouldn’t have it. And users should be able to decide which apps can and can’t share data over the network,” he wrote.