With the recent announcement that Google may become embroiled in yet another class action lawsuit regarding their predatory privacy practices, we’re left to wonder: For how much longer will developers be forced to rely on tools, such as Firebase and others in the Google ecosystem, that take advantage of their users?

Interest from users regarding privacy and security is only growing after the passing of GDPR. For companies like Google who thought user interest in these affairs would wane, they are being proven demonstrably wrong.

Users are making one thing very clear: They want greater control over their data.

No longer will they make do with the illusory promise from a time gone by that we should implicitly trust these companies. No more hand-waving about how data isn’t being collected. No more deceptions about how it isn’t being sold. No more excuses.

Users just want control. That’s it. Their stance is clear. And with the recent death of IDFA, Apple is following suit, starting what is sure to be an industry-wide change in how mobile advertising works.

In this post, we’ll cover the current state of privacy, especially with regards to Google’s mobile tooling, and why now is the perfect time for developers to look at alternatives that will better serve their users’ interests. After all, there’s no shortage of mobile tools that respect users rather than use them as a means to subsidize their data collection activities.

It’s Google’s world; we just live in it

At least that’s what it seems like sometimes. After all, we already know Google Search and Google Analytics absolutely dominate the web. With these two services, Google has taken ~71% of the global search engine market share[1] and about 84% of the global market share for web traffic analysis tools[2]. However, even worse for wear, few know about Google’s dominance in advertising that makes them a mainstay in even non-Google-hosted pages.

Since GDPR, ever-present helpful, yet irksome, pop-ups have become constant reminders of just how intrusive the modern web is.

But Google does much more than just web.

Google owns Android, and though it is now open source, about 70%[3] of Android devices run a version with Google Mobile Services (GMS) installed to access things like Google, Google Play Store, and Google apps. These services all make Google money through mobile advertising, app installs, in-app payments, Play Store media sales, etc. In these services, Google collects troves of user data to enable better ad targeting.

And note that a user doesn’t have to use Google services to have their data collected. Simply using an Android device will result in data collection and tracking.

The problem with Google Firebase

Firebase is an SDK that mobile developers install into apps to provide functionality like crash reporting, performance monitoring, database storage, and authentication.

It also is a prerequisite for using Google Analytics or other Google ad services in a mobile app. As such, mobile developers often install Firebase, resulting in it being used in ~84% of the Top 200 Android apps and ~47% of the Top 200 iOS apps[4][5]. And these numbers, as large as they are, might actually be underreporting the true figures once you consider things like white-label apps, where multiple apps all share the same core code base.

Developers can use much of the Firebase platform for free, so mobile teams also adopt it over other tools as part of cost-saving efforts. And, like what seems to be the case with most Google products, Firebase is willfully neglectful regarding user privacy. According to the class action lawsuit referenced above, even if users turn off “Web and App Activity” tracking in their Privacy Controls, Google still collects and stores their personal data.

iOS14’s attack on Google

Those that tuned into WWDC20 learned that Apple will now notify users who are being tracked for IDFA across platforms and applications.[6] This is a roundabout way of saying: IDFA is dead. Apple, without dealing the final blow themselves, is putting privacy into the hands of its users so that they no longer must share their personally identifiable information (PII) just so companies can better measure ad spend.

Apple plans to utilize its own ad platform to share privatized versions of this data so that users aren’t tracked and companies can still benefit from their ad campaigns.

This Apple service starkly contrasts Google’s own services for advertising based on that single point—Privacy. Apple is known for its battles for user privacy. From fighting attempts to force defendants to unlock phones in criminal cases to refusing requests for personal data, Apple has worked hard to earn and keep its users’ trust.

On the other hand, we have Google, who has faced multiple privacy lawsuits[7][8][9][10], given data without a fight to law enforcement[11], frequently responded to requests for data[12], and allegedly continues to monitor its users after they have declined to give their consent.

Over and over again, users are demanding privacy during their web and mobile experiences.

So, how does this impact how we function as a mobile community?

Use tools that favor user privacy

Free tools must make money somewhere, and in Google’s case, we’ve seen that translate into collecting user data for the purposes of advertising.

But it doesn’t have to be this way. There are tools that care about user privacy and have a very simple revenue model—to be compensated only with a yearly revenue stream.

These privacy-focused tools care about your users.

But ultimately, the first steps of change must and can be taken by developers. As mobile developers, we must remember that the tools we choose have benefits and costs. Yes, these licenses may be expensive monetarily, but they do not risk unexpected costs in regards to reputation.

After all, when a user hears your application uses Firebase for its Ad SDK, what do you think their response will be?

VPs of Engineering, you know that your product teams and software engineers work hard to give users a seamless in-app experience. How would it feel knowing that your user feels your application is uncomfortable to use, unsafe, or even invasive?

These free tools do not care about your app. They will take advantage of malware-like techniques to override your own application functionality to start collecting data as soon as possible. You need look no further than the multiple Facebook SDK outages this year to know that with free tools, you ultimately get what you pay for.

Now is the time, more than ever, to take a hard look at your tooling, especially your 3rd Party SDKs.

Here’s a quick checklist on how you can evaluate your tools with respect to user privacy:

  • Are they doing what they are supposed to?
  • Are they sending more network calls than necessary?
  • Are they GDPR-compliant and do they discuss privacy?
  • Do they store any PII?
  • Do they negatively impact app performance?

When you’re given the choice, choose not what’s most convenient but what’s best. Choose your application’s reputation. Choose privacy. Choose your users. Because, at the end of the day, the trust you earn from that choice and the fact that you’re on the user’s side will keep your users coming back every time.

Who we are

Embrace is a a data driven toolset to help mobile engineers build better experiences. We are private by default and do not collect any personal information unless you specifically request it. And only then, only to send it to you. We are GDPR and CCPA compliant.

We provide mobile teams with the technical data needed to identify, prioritize, and solve issues faster. We are a one-stop shop for monitoring mobile app health across features and releases. If you’d like to learn more about Embrace, you can check out our website or request a demo.

References:

  1. Netmarketshare
  2. Web Technology Surveys
  3. Wikipedia
  4. MightySignal
  5. MightySignal
  6. Forbes
  7. Forbes
  8. ClassAction
  9. CNN
  10. Wikipedia
  11. NBC News
  12. Google Transparency Report