How a European Commission antitrust ruling could impact Android privacy
The threat of billions of dollars in European Commission antitrust fines could force Google, in the very near future, to give phone makers a chance to make Android far more respectful of consumer privacy.
In fining Google 4.34 billion euros, or $5.08 billion, for abusing its market power, the European Commission is requiring the Silicon Valley powerhouse to change basic rules associated with its mobile operating system within 90 days. If it doesn’t make those changes, it stands to get socked with extra penalties of up to 5 percent of the global revenue of its parent company, Alphabet, which reached $32.7 billion in the second quarter.
Specifically, the Commission called out Google for requiring manufacturers of Android phones to preinstall its Chrome browser and search app as a condition to license its Play app store; for paying manufacturers and network operators to ensure that its search app has no preinstalled competition; and for banning manufacturers from shipping devices running an unapproved alternative, or “forked,” version of Android’s open-source code.
READ MORE ON ANDROID SECURITY AND PRIVACY
Fragmentation likely to hinder Android P’s security chops
Google Play is an ‘order of magnitude’ better at blocking malware
Opinion: To stay safer on Android, stick with Google Play
Parallax Primer: Why are Androids less secure than iPhones?
How to FBI-proof your Android
Hidden inside Dark Caracal’s espionage apps: Old tech
How to wipe your phone (or tablet) for resale
“Our decision stops Google from controlling which search and browser apps manufacturers can preinstall on Android devices, or which Android operating system they can adopt,” Competition Commissioner Margrethe Vestager wrote in a statement.
What could phone vendors do with this newfound latitude? Let’s imagine a best-case scenario.
The privacy-first fork of Android
The No. 1 critique of Android is that updates take too long, something the Commission ruling might make worse by crimping Google’s control of the platform. The No. 2 complaint, however—that it lets Google collect too much data—is something the Commission ruling could potentially address.
Suppose that a phone vendor, envious of Apple’s success at selling privacy as a feature, chose to distinguish its Android phone not by troweling on a tacky interface but instead by limiting the personal data Google can access with its default apps.
Any user could still install and use the Google apps they want, but most people today still stick with what a phone presents to them: Microsoft’s well-regarded Outlook app for Android has found its way to about a tenth as many Android devices as Google’s Gmail app, going by Play Store estimates.
So the default search would be the tracking-free DuckDuckGo, which has built a growing business by not storing users’ search histories, leaving session cookies in their browsers or even logging their computers’ Internet Protocol addresses. The default browser would be Mozilla Firefox, a close second to Apple’s Safari in its privacy defenses.
The default mapping/navigation app would be something besides Google (and its Waze), though that would be a difficult choice, considering how much more advanced Google’s mapping technology is than that of rival apps available on Android. (Microsoft’s Bing comes close to replicating Google’s utility, though it doesn’t offer cycling directions.)
Privacy settings on this version of Android would default to keeping your data confidential. The result would be a phone that, from the start, collects much less data about your use of it—which, assuming this were based on Google’s upcoming Android P update, would also include that edition’s stricter controls on third-party apps.
You’d basically add the privacy optimization of an iPhone. And while you wouldn’t lose a headphone jack in the process, you might end up spending more. In a July 18 blog post, CEO Sundar Pichai implied that it might become necessary to charge licensing fees for Android, which would lead most vendors to pass those fees on to the customer.
Historical precedents are iffy
This hypothetical privacy-first phone would also offer a huge advantage over earlier Android-hacking experiments by including the Google Play Store, which the Commission statement calls out as a “must-have” and security experts note is more secure than other Android app stores.
The lack of the Play Store was the anvil of the anchor that dragged down the most publicized attempt to ship a privacy-optimized Android: Silent Circle’s Blackphone and Blackphone 2. Both touted locked-down privacy and secured communications at a high price; the company no longer sells them in North America.
Two other alternate-Android ventures, Amazon’s Fire Phone and Nokia’s X, also suffered greatly from not including the Play Store–Amazon wanted to push its own Appstore, while Nokia tried to use Android’s code to build an operating system compatible with low-end smartphones.
In 2010, Samsung and Verizon were able to combine the Play Store with a Microsoft Bing-centric search experience on the Fascinate—but that was an awful phone, not least because Bing was a weak replacement for Google then, lacking such basics as an option to filter search results by date.
The struggles of anti-Google search engine DuckDuckGo to gain market share over the past few years also add to the startup-stifling picture. The Commission ruling notes that Google stopped prohibiting phone vendors from installing competing search apps in 2014, but that doesn’t mean that the little guys have received a boost in support. (Weinberg noted that NetMarketShare data suggests that DDG’s share in Android is less than a third of its share in iOS, which is already tiny, at 0.18 percent.)
“In 2017, we were added as an option in Samsung’s Internet browser, but that’s really the only traction we’ve gotten to date from Android vendors,” DuckDuckGo CEO Gabriel Weinberg wrote in an e-mail.
Apple, meanwhile, continues to keep Google as the default search in iOS in exchange for traffic acquisition payments that the asset management firm Bernstein estimated at $3 billion in 2017. And last year, it switched Siri’s Web search engine from Bing to Google.
On the browser front, Android phone vendors such as Samsung and LG have been able to bundle their own, regardless of quality. Third-party options such as Firefox and Opera, meanwhile, have seen no such attention on a smartphone since the 2015 demise of the Mozilla Foundation’s Firefox OS phone project.
In a July 18 blog post, Mozilla Chief Operating Officer Denelle Dixon expressed hope that the Commission ruling “will help level the playing field for mobile browsers like Firefox.”
Self-help remains an option
Of course, you don’t have to wait for the Commission or Google to create a privacy-first version of Android for yourself.
On your Android device, you can change the default search in Chrome to DuckDuckGo: Visit the site, tap Chrome’s menu button, tap “Settings,” then “Search engine,” and you should see DDG under a “Recently visited” heading.
You can download Firefox, Bing, and other apps from the Play Store, and set them as your defaults in Android’s Settings.
And you can wipe away the Google search box either by tapping and holding it before dragging it to the trash, or by installing another “launcher” app (again, Microsoft offers a decent alternative).
But I suspect that most people reading this won’t go to that trouble for two reasons: Google provides an effective Web search and, after a shove from the European Union’s General Data Protection Regulation, now offers better controls of its data collection.
Meanwhile, nothing you can do will stop your wireless carrier from tracking your location and storing that information for years without giving you any say-so. Any fix for that will have to come from Washington, not Brussels.