Android “Kitkat” Update – New Privacy Features

Android “Kitkat” Update – New Privacy Features

As the new Android OS 4.4 codenamed “KitKat” is now available for the latest Nexus phones (and will be available for Nexus 4, 7, 10 and Google Play editions of the Samsung Galaxy S4 and the HTC One in the coming weeks), it’s time to take a look at the system’s new privacy features.  Here is what we found:

New Privacy-friendly features

New “Advertising ID”

Prior to the KitKat update, ad networks and advertisers would track users through the device’s “Android ID.”  Typically, apps would pass this ID to ad networks, which would hash it and use it to track users as they interacted with various apps.

The Android ID could only be reset by wiping the entire device. Opting out required the user to visit the third-party ad network’s site and enter in his or her device’s (lengthy) ID.

KitKat contains a new identifier called the “Advertising ID.”  This new ID is subject to a new user setting can be used to opt-out of “behavioral advertising.”  According to Google, when a user activates this Opt-Out setting, the Advertising ID will only be used for contextual advertising, frequency capping, conversion tracking, reporting and security and fraud detection.

Users running Android 2.3 or later can access these new settings via the following steps: in Google Settings, select “Ads” and you will see your Advertising ID.  On this screen you can select the option to “Reset Advertising ID.”  Tap the box labeled “Opt Out of interest-based ads” to opt out.

Android Advertising ID

Google writes that beginning August 1st 2014, “all updates and new apps uploaded to the Play Store must use the advertising ID (when available on a device) in lieu of any other device identifiers for any advertising purposes.”  Opting out of interest based ads through the above method only affects apps – it does not affect tracking or targeting on the browser.

More details from Google’s terms:

  • The status of the “Opt out of Interest-based Advertising” setting must be verified on each access of the ID.
  • The advertising identifier will not be connected to personally-identifiable information or associated with any persistent device identifier (for example: SSAID, MAC address, IMEI, etc.,) without the explicit consent of the user.
  • Upon reset, a new advertising identifier must not be connected to a previous advertising identifier or data derived from a previous advertising identifier without the explicit consent of the user.
  • The collection and use of the advertising identifier and commitment to these terms must be disclosed to users in a legally adequate privacy notification.

Google has released technical details for developers implementing the Advertising ID. Greg Sterling has also written a helpful post for MarketingLand summarizing the changes and providing more detail.

Other Privacy Features

Toggle Location On and Off More Easily

Users will be able to adjust their location settings more conveniently via a new tile in Quick Settings.

Enhanced Caller ID

One new feature of Android 4.4 is that the phone app will match incoming phone calls against Google’s various databases in order to display an automatic caller ID. This feature already works for businesses that use Google Places, but the service will be expanded next year to people as well.  This means that if an incoming caller has verified his or her phone number on their Google Account (and allowed the discovery feature), their name and profile photo will show up on the receiving caller’s phone even if the incoming call is not an existing contact.  Note that users can disable this feature by visiting their Google Account Settings page.

Device management built-in

Lost devices can be found or wiped remotely with the Android Device Manager.

We’re excited to see these features implemented and will be watching for new privacy-related updates from Google as more features are rolled out.

Leave a Reply


Privacy Calendar

Dec
2
Tue
all-day IAPP Practical Privacy Series 2014
IAPP Practical Privacy Series 2014
Dec 2 – Dec 3 all-day
Government and FTC and Consumer Privacy return to Washington, DC. For more information, click here.
Dec
11
Thu
9:00 am Progress of the EU Data Protecti...
Progress of the EU Data Protecti...
Dec 11 @ 9:00 am
The EU Member States have agreed to conclude the negotiations on the EU Data Protection draft Regulation in 2015. The process will have arrived at a critical point by the end of this year. The[...]
Jan
26
Mon
8:30 am Privacy as a Profit Center: Leve... @ Old Slip by Convene
Privacy as a Profit Center: Leve... @ Old Slip by Convene
Jan 26 @ 8:30 am – Jan 27 @ 4:15 pm
Learn how those on the leading edge of privacy governance and digital innovation from companies including Cigna, Cisco Systems, eBay Inc. Public Policy Lab, FocusMotion,Ghostery, Goodyear Tire & Rubber Company, Google, HP Enterprise Security Products, JPMorgan[...]
Jan
28
Wed
all-day Data Privacy Day
Data Privacy Day
Jan 28 – Jan 29 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first[...]
Mar
4
Wed
all-day Global Privacy Summit 2015
Global Privacy Summit 2015
Mar 4 – Mar 6 all-day
For more information, click here.
Mar
10
Tue
6:00 pm CDT Annual Dinner “TechProm” 2015
CDT Annual Dinner “TechProm” 2015
Mar 10 @ 6:00 pm – 9:00 pm
Featuring the most influential minds of the tech policy world, CDT’s annual dinner, TechProm, highlights the issues your organization will be facing in the future and provides the networking opportunities that can help you tackle[...]
Mar
13
Fri
all-day BCLT Privacy Law Forum
BCLT Privacy Law Forum
Mar 13 all-day
This program will feature leading academics and practitioners discussing the latest developments in privacy law. UC Berkeley Law faculty and conference panelists will discuss cutting-edge scholarship and explore ‘real world’ privacy law problems. Click here[...]

View Calendar