Privacy-Focused Android Q Still Lets Advertisers Track You (sdtimes.com) 63
"The upcoming version of the Android operating system is taking a strong focus on privacy," reports SD Times, "but the Electronic Frontier Foundation (EFF) believes it could still do better."
Android Q's new privacy features include: user control over app access to device location, new limits on access to files in shared external storage, restrictions on launching activities, and restrictions on access to the device's hardware and sensors... "However, in at least one area, Q's improvements are undermined by Android's continued support of a feature that allows third-party advertisers, including Google itself, to track users across apps," Bennett Cyphers, engineer for the EFF, wrote in a post. "Furthermore, Android still doesn't let users control their apps' access to the Internet, a basic permission that would address a wide range of privacy concerns."
According to Cyphers, while Android Q has new restrictions on non-resettable device identifies, it will allow unrestricted access for its own tracking identifier [called "advertising ID"]... "Facebook and other targeting companies allow businesses to upload lists of ad IDs that they have collected in order to target those users on other platforms," he wrote... "On Android, there is no way for the user to control which apps can access the ID, and no way to turn it off. While we support Google taking steps to protect other hardware identifiers from unnecessary access, its continued support of the advertising ID -- a "feature" designed solely to support tracking -- undercuts the company's public commitment to privacy," he wrote...
Cypher also noted that while Apple's iOS has similar identifiers for advertisers that contradict with its privacy campaign, it does enable users to turn off the tracking.
In fact, Android Q also ships with an "opt out of ad personalization" checkbox where users can indicate that they don't want Google's identifier to track them, Cyphers reports -- but "the checkbox doesn't affect the ad ID in any way.
"It only encodes the user's 'preference', so that when an app asks Android whether a user wants to be tracked, the operating system can reply 'no, actually they don't.' Google's terms tell developers to respect this setting, but Android provides no technical safeguards to enforce this policy."
According to Cyphers, while Android Q has new restrictions on non-resettable device identifies, it will allow unrestricted access for its own tracking identifier [called "advertising ID"]... "Facebook and other targeting companies allow businesses to upload lists of ad IDs that they have collected in order to target those users on other platforms," he wrote... "On Android, there is no way for the user to control which apps can access the ID, and no way to turn it off. While we support Google taking steps to protect other hardware identifiers from unnecessary access, its continued support of the advertising ID -- a "feature" designed solely to support tracking -- undercuts the company's public commitment to privacy," he wrote...
Cypher also noted that while Apple's iOS has similar identifiers for advertisers that contradict with its privacy campaign, it does enable users to turn off the tracking.
In fact, Android Q also ships with an "opt out of ad personalization" checkbox where users can indicate that they don't want Google's identifier to track them, Cyphers reports -- but "the checkbox doesn't affect the ad ID in any way.
"It only encodes the user's 'preference', so that when an app asks Android whether a user wants to be tracked, the operating system can reply 'no, actually they don't.' Google's terms tell developers to respect this setting, but Android provides no technical safeguards to enforce this policy."
So the "privacy focus" is a marketing lie? (Score:5, Funny)
Makes perfect sense to me. At least they are consistent.
Re: (Score:2)
Google wants to be the sole arbiter of the users' private information.
Re: So the "privacy focus" is a marketing lie? (Score:1)
People need to flee Google products if they want this behavior to change.
Re: (Score:2)
I think you need to acknowledge that nobody using these products cares with the exception of a small group of nerds.
The idea only a subset of people with background necessary to understand the underlying technology care is laughable on its face.
Sorry but your info gets sold even by the government. Best to go hide under a rock if you are that concerned.
Or switch to a platform not owned and operated by slime.
Google knows this so they make some small gesture towards privacy while keeping the ability to track their users.
The current environment in which Google gets to rape the privacy of the majority of the worlds population is unsustainable. If they don't get serious soon governments the world over will force necessary corrections.
Re: (Score:1)
Or switch to a platform not owned and operated by slime.
there is no alternative. The other mobile OS options are even more closed off.
Re: So the "privacy focus" is a marketing lie? (Score:5, Informative)
there is no alternative. The other mobile OS options are even more closed off.
https://www.pine64.org/pinepho... [pine64.org]
Re: (Score:2)
That looks very interesting and I'm curious to find out the price. In other words, are we talking under $500 or so, or will it be in the $800 ~ $1000 range?
At $500 or less I might seriously consider it. Under $300 and I'd almost certainly give it a try.
Re: (Score:3)
That looks very interesting and I'm curious to find out the price. In other words, are we talking under $500 or so, or will it be in the $800 ~ $1000 range?
At $500 or less I might seriously consider it. Under $300 and I'd almost certainly give it a try.
Cost will be about $150.
Re: (Score:2)
Cost will be about $150.
Seriously? That would clinch it...in that case I'd probably buy two, one to use and one as a backup.
Re: (Score:2)
No, TFA is a lie.
Settings -> Google -> Ads -> Reset Advertising ID
I checked out the beta a month ago and that option is still there. There is a free app called "Device IDs" that lets you view all that data, and on Q all but the advertising ID and local IP address were unavailable. TFA is right that a built in firewall would be nice.
Re: (Score:2)
Settings -> Google -> Ads -> Reset Advertising ID
Resetting it is not the same as disabling it. I can tell my browser to clear cookies on exit, but that still means that I'll be tracked across all of the websites that I visit until I exit.
We need something which generates a separate Advertising ID for every app, and then resets those periodically.
Re: (Score:2)
I agree. Unfortunately without rooting the phone it doesn't seem to be possible.
Re: (Score:2)
It is a pretty sad state of affairs if you have to compromise a device you own in order to get acceptable security.
relative (Score:2)
It's all relative. If they make one incremental improvement in privacy over the previous version their job is done.
Root is the Only Solution (Score:2)
So long as you can root the phone, sandbox those silly app permission, and run an adblocker, Google can't deliver diddly!
Oh and that APK guy can go stick his head in an oven lit remotely by Ms. Hudson.
Re: Root is the Only Solution (Score:1)
Ms Hudson?
You meant Mr. Hudson.
Tom Hudson is a guy. Man. Male. XY chromosomes. Dude.
Tom can ask people to call him Barbara, take hormones, lop off his cock, wear make up and skirts, get implants. Still a guy. An emotionally crippled and highly disturbed guy, but still a guy.
Don't feed and support someone's mental illness. It's cruel and wrong.
thanks google (Score:3)
now is the time for a GNU/GPL FOSS Linux smartphone, with a selection of distros for users to choose from that actually respects people's privacy
Re: (Score:2)
I own a Gemini PDA [planetcom.co.uk], it dual-boots into Android or Debian and it's a very good device. Debian isn't quite there yet if I'm honest, but the Android bit is great on that one: it's rooted by default, it's the AOSP version of Oreo, and I've de-Googled the bejesus out of it, so that it's almost as neutered as I want it to be.
Re: (Score:2)
I liked the look of the Gemini, and maybe some lucky people have one, but -- from here outside the UK -- it looks like vapor to me. Their website allows one to place an order, but very carefully stays away from specifying how soon after order one will be shipped, as well as how long to reach destination from the date of their shipping. There is a webform to submit a query, so I asked these questions (how long til ship, how long til arrival); that was a month ago, I've heard nothing. The original fundin
Re: (Score:2)
If you know of resources I've not discovered, please post them here.
I wish they had updates on their official website, but instead, you have to track the Updates tab of their IndieGoGo page. [indiegogo.com] They appear to have completed the first production run and are in the midst of QC. Most recent update continues:
Mass production is now scheduled to start in the last week of August, following the PR2 production run that is mid-August.
We will also be holding a press event in late August to show the Cosmo in its full glory.
We realise that the above final schedule has introduced about a month's delay from the schedule posted in the backer update posted on the 31st of March, and we are sorry about this delay, but this extra time is necessary to get the Cosmo right - both on the hardware and software side.
Re:thanks google (Score:4, Insightful)
Why not just put another OS on existing hardware?
Lineage OS for example:
https://wiki.lineageos.org/dev... [lineageos.org]
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
That's so clever. Did you just wake up from 2012 and that's the first meme that came to mind?
Are viewers the Broadcast Television networks' product, too? Are readers the New York Times' product?
Tired, tired.
Re: (Score:2)
JeffOwl, I appreciated your post, no matter what Cmdln Daco says.*
*Disclaimer: Due to my age (and user ID,) to me 2012 feels like two weeks ago.
standardization by another name (Score:3)
This does practically nothing to abet privacy, but it sure does standardize Android tracking around Google's favourite identifier.
Don't miss next Tuesday's all-you-can-eat cake-having party in the main Googleplex atrium.
Re: (Score:2)
It walls out all competing malware. Google wants that valuable information only for themselves and those they choose to share with.
blockers & VPN (Score:2)
“Privacy Focused” (Score:2)
You keep using that term. I do not think it means what you think it means.
Re: (Score:2)
Smartphones cannot be secure in any way (Score:4, Insightful)
Mod parent up (Score:2)
your smartphone is never, ever going to be 'secure'. You want secure? Give up your smartphone.
^^^^This. 100% correct.
Smartphones will never truly be secure because they live within an ecosystem that is not secure.
Uh huh (Score:2)
"The upcoming version of the Android operating system is taking a strong focus on privacy,"
As opposed to all the previous versions...
"new limits on access to files in shared external" (Score:2)
In other words things will break again and will get crippled even more and there will be no way to go back (unless you root your device, already not possible on many). I mean for completely legit backup/sync apps, for everything inside termux (like rsync, sftp, etc.) but not only limited to that and so on. Thank you Google for protecting us from ourselves.
"unsecue" By design (Score:1)
We need new hardware and new software. I can't imagine a "secure" android OS or device.
Q Ships (Score:3)
In WW2 Q ships were modified cargo vessels. They would pretend to be damaged or lost in order to lure U boats into attacking them on the surface. Then panels would open and guns pop out and blow the beastly huns to bits.
I'm sure it's only the letter Q that reminded me of that, and not the deception bit at all.