Google Pixel Privacy Issues

By Anonymous | March 9, 2022

I had been a passionate Android and Google Pixel smartphone user for a decade. However, I was very frustrated with Google’s privacy policy because I just could not make sense of it. I did not have a mental model to analyze the privacy of a Pixel device until I started thinking about the ethical, legal, and privacy implications of products and services at the University of California, Berkeley School of Information.

This public advocacy blog is meant for the general public to have a point of view on the potential privacy and legal implications of Google Pixel. There are some fundamental issues [1] at play here. The first issue is that Google allows third-party user tracking companies to access an advertising ID for monetization without user consent. The advertising ID, referred to as AdId moving forward, is an identifier uniquely set for personalization of services on the device.

The second issue is that apps running on Android can consume specific functionality of other Android apps, circumventing the permissions mechanisms and leading to tighter integration, broader data sharing, and reduced data privacy among Android apps.

The third issue is that ad tracking companies get users' IP addresses, which are considered personal data under EU law, and use the addresses for tracking user behavior on the devices without user consent.

The fourth issue is that tracking companies are predominantly based in the US, China and India with very little presence in the EU, leading to violations of EU and UK data protection laws, which do not permit the transfer of personal data beyond the UK/EU without special safeguards.

The fifth issue is that Android apps leverage third-party tracking and share personally identifiable information from children's apps, sharing more data than necessary and without an adequate level of data protection. Lastly, Google does not comply with the data protection law that requires companies to disclose their data practices adequately.


Fig 1: Smartphones steal information without your consent

I'll discuss the above issues based on the principles in the Belmont report, Nissenbaum's contextual privacy and GDPR. The Belmont report [2] is based on three principles: Respect, Beneficence, and Justice. Respect for persons is defined in terms of the autonomy given to them in decision making and consent. The principle of Respect also includes respect for persons with diminished autonomy, such as children and minorities. The second principle, Beneficence, refers to the notion of maximizing benefits and minimizing harms from privacy violations. Finally, the third principle, Justice, refers to equity for each person according to individual effort, societal contribution, merit, and need. On the other hand, Nissenbaum's contextual privacy [3] essentially looks for similarities in the offline world in terms of social norms of privacy and expects digital corporations to apply similar contextual privacy to the online worlds of users. For situations where there is no analogous offline social setting, common-sense privacy around a hypothetical offline social setting is recommended. GDPR is more commonly known to us as the data privacy principles defined by the EU.

Based on the first Belmont principle of Respect, one could argue that the Google Pixel device does not ask for consent from users when sharing AdId or IP addresses, as discussed above in the first and third issues. The same is true for children because of their diminished decision making/autonomy, as referred to in the fifth issue above. In such situations, Pixel does not ask the children's parents for consent to track them and provide ads or personalized services. Google Pixel is a novel enough idea that there is perhaps no social precedent for its data privacy in an offline social world. The second issue, tighter integration among Android apps, does not bode well for beneficence. In fact, it does the opposite, amplifying harm through privacy violations.


Fig 2: Apps integrated with other Android apps amplifying data sharing

Now, if we analyze Google Pixel through the lens of Nissenbaum's contextual privacy, we realize that the context is novel and does not have an existing social standard in a similar offline world. In such a case, we have to ask ourselves: Would it be OK for my neighbor, let alone a stranger or a business, to track what I am reading or saying at home every moment and make notes? Would it be OK for a stranger to track my friends or relatives? Would it be OK for a stranger to track my belief systems, hobbies, interests, or political inclinations? In the current social setting in the USA, the answer is a categorical no, and the idea is downright creepy. Our personal lives are deeply personal. Therefore, applying Nissenbaum's contextual privacy makes us realize that data sharing without consent is a privacy violation. In fact, GDPR does not allow transfer of data outside the UK and EU for the sake of tracking. However, most of the tracking companies are located in the USA, China and India and are clearly violating GDPR. Perhaps these tracking companies are getting away with it because they are not large enough, and it is practically impossible for regulators to track the large number of such smaller companies.

Does that mean that Google and the like should completely disrupt their own business models? As part of Google's corporate social responsibility and the long-term sustainability of its business model, every professional contributing to the design of the Pixel should be required to insist on higher internal standards, irrespective of the regulations and laws policing the behavior of their products and services.

References:
1. Kollnig, Konrad, Anastasia Shuba, Reuben Binns, Max Van Kleek, and Nigel Shadbolt. Are iPhones Really Better for Privacy? A Comparative Study of iOS and Android Apps. Proceedings on Privacy Enhancing Technologies. https://arxiv.org/pdf/2109.13722.pdf
2. The National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research. The Belmont Report: Ethical Principles and Guidelines for the Protection of Human Subjects of Research. April 18, 1979. https://www.hhs.gov/ohrp/sites/default/files/the-belmont-report-508c_FINAL.pdf
3. Nissenbaum, Helen F. (2011). A Contextual Approach to Privacy Online. Daedalus 140:4 (Fall 2011), 32-48. https://ssrn.com/abstract=2567042