Tag Archives: Transparency

Safer and More Transparent Access to User Location

Posted by Krish Vitaldevara, Director of Product Management Trust & Safety, Google Play

Last year, we made several changes to our platform and policies to increase user trust and safety. We’re proud of the work we’ve done to improve family safety, limit use of sensitive permissions, and catch bad actors before they ever reach the Play Store.

We realize that changes can lead to work for developers. Last year, you told us that you wanted more detailed communications about impactful updates, why we’re making them, and how to take action. You also asked for as much time as possible to make any changes required.

With that feedback in mind, today, we’re previewing Android and Google Play policy changes that will impact how developers access location in the background.

Giving users more control over their location data

Users consistently tell us that they want more control over their location data and that we should take every precaution to prevent misuse. Since the beginning of Android, users have needed to grant explicit permission to any app that wants access to their location data.

In Android 10, people were given additional control to only grant access when the app is in use, which makes location access more intentional. Users clearly appreciated this option as over half of users select “While app is in use.”

Now in Android 11, we’re giving users even more control with the ability to grant a temporary “one-time” permission to sensitive data like location. When users select this option, apps can only access the data until the user moves away from the app, and they must then request permission again for the next access. Please visit the Android 11 developer preview to learn more.

Preventing unnecessary access to background location

Users tell us they also want more protection on earlier versions of Android - as well as more transparency around how apps use this data.

As we took a closer look at background location usage, we found that many of the apps that requested background location didn’t actually need it. In fact, many of these apps could provide the same user experience by only accessing location when the app is visible to the user. We want to make it easier for users to choose when to share their location and they shouldn't be asked for a permission that the app doesn't need.

Later this year, we will be updating Google Play policy to require that developers get approval if they want to access location data in the background. Factors that will be looked at include:

  • Does the feature deliver clear value to the user?
  • Would users expect the app to access their location in the background?
  • Is the feature important to the primary purpose of the app?
  • Can you deliver the same experience without accessing location in the background?

All apps will be evaluated against the same factors, including apps made by Google, and all submissions will be reviewed by people on our team. Let’s take a look at three examples:

An app that sends emergency or safety alerts as part of its core functionality - and clearly communicates why access is needed to the user - would have a strong case to request background location.

A social networking app that allows users to elect to continuously share their location with friends would also have a strong case to access location in the background.

An app with a store locator feature would work just fine by only accessing location when the app is visible to the user. In this scenario, the app would not have a strong case to request background location under the new policy.

When we spoke to developers for feedback, the vast majority understood user concerns over their information falling into the wrong hands and were willing to change their location usage to be safer and more transparent.

Getting approval for background access

We know that when we update our policies, you want to get actionable feedback and have ample time to make changes. Before we implement this policy change, you will be able to submit your use case via the Play Console and receive feedback on whether it will be allowed under the new policy.

We anticipate the following timeline for this policy rollout; however, it is subject to change.

  • April: official Google Play policy update with background location
  • May: developers can request feedback on their use case via the Play Console with an estimated reply time of 2 weeks, depending on volume
  • August 3rd: all new apps submitted to Google Play that access background location will need to be approved
  • November 2nd: all existing apps that request background location will need to be approved or will be removed from Google Play

Review and evaluate your location access

We encourage all developers to review the following best practices for accessing location data in their apps:

  • Review the background location access checklist to identify any potential access in your code. Remember you are also responsible for ensuring all third party SDKs or libraries that you use comply with our policies, including access to background location.
  • Minimize your use of location by using the minimum scope necessary to provide a feature (i.e., coarse instead of fine, foreground instead of background).
  • Review privacy best practices and ensure you have the proper disclosure and privacy policies in place.

We hope you found this policy preview useful in planning your roadmap for the year and we appreciate your efforts to build privacy-friendly apps. Together, we can keep the Android ecosystem safe and secure for everyone.

New numbers and a new look for our Transparency Report

We launched the Transparency Report in 2010 to show how laws and policies affect access to information online, including law enforcement orders for user data and government requests to remove information. Since then, many other companies have launched their own transparency reports, and we’ve been excited to see our industry come together around transparency.

After doing things the same way for nearly five years, we thought it was time to give the Transparency Report an update. So today, as we release data about requests from governments to remove content from our services for the ninth time, we’re doing it with a new look and some new features that we hope will make the information more meaningful, and continue to push the envelope on the story we can tell with this kind of information.

More about that shortly—first, the data highlights. From June to December 2013, we received 3,105 government requests to remove 14,637 pieces of content. You may notice that this total decreased slightly from the first half of 2013; this is due to a spike in requests from Turkey during that period, which has since returned to lower levels. Meanwhile, the number of requests from Russia increased by 25 percent compared to the last reporting period. Requests from Thailand and Italy are on the rise as well. In the second half of 2013, the top three products for which governments requested removals were Blogger (1,066 requests), Search (841 requests) and YouTube (765 requests). In the second half of 2013, 38 percent of government removal requests cited defamation as a reason for removal, 16 percent cited obscenity or nudity, and 11 percent cited privacy or security.

As for the redesign, we’ve worked with our friends at Blue State Digital on a more interactive Transparency Report that lets us include additional information—like explanations of our process—and highlight stats. We’ve also added examples of nearly 30 actual requests we’ve received from governments around the world. For example, we have an annotation that gives a bit of descriptive information about our first government request from Kosovo, when law enforcement requested the removal of two YouTube videos showing minors fighting. If you’re looking for details on the content types and reasons for removal, use the Country explorer to dig into those details for each of the listed countries.

Our Transparency Report is certainly not a comprehensive view of censorship online. However, it does provide a lens on the things that governments and courts ask us to remove, underscoring the importance of transparency around the processes governing such requests. We hope that you’ll take the time to explore the new report to learn more about government removals across Google.

Promoting transparency around Europe

When eight technology companies presented a plan this month to reform government surveillance, a key request concerned transparency. At Google, we were the first company to publish a transparency report detailing the requests we receive from governments around the world to bring down content or hand over information on users.

But Google’s report represents only a narrow snapshot. It is limited to a single company. Imagine instead if all the requests for information on Internet users and for takedowns of web content in a country could be published. This would give a much more effective picture of the state of Internet freedom. As the year draws to a close, we’re happy to report that Panoptykon, a Polish NGO, published this month a preliminary Internet transparency report for Poland and Fores, a Stockholm-based think tank, issued a study in Sweden.

In Poland and Sweden, we helped initiate these transparency efforts and supported them financially. NGOs in six other European countries are working on national transparency reports. Our Estonian-supported transparency coalition already published a report last spring. In addition, university researchers in Hong Kong moved ahead over the summer with their own report. In Strasbourg, the Council of Europe recently held an important conference on the subject and hopefully will move ahead to present a series of recommendations on transparency for its 47 members.

Each transparency campaign takes a different approach - we hope this process of experimentation will help all of us learn. The Estonian effort, titled Project 451, focuses on content removals, not government surveillance, because the authors believe this is the most important issue in their country. The name of Project “451″ refers to HTTP Status Code 451, defined as “unavailable for legal reasons” and the report found that many web platforms were taking legal content down due to fears of legal liability.

The new Polish and Swedish reports attempt to shed light on government requests for information on users. Fores contacted 339 Swedish authorities and found that more than a third had requested data about users or takedowns of user-uploaded content. Panoptykon uncovered that Polish telcos received 1.76 million requests for user information in 2012, while Internet companies polled received approximately 7,500. In addition, Panoptykon discovered that many Polish government requests for information on users were based on a flawed or unclear legal basis.

Admittedly, both the Swedish and Polish reports remain incomplete. Not all Internet companies participated. Much relevant data must be missing. Like with our own Google report, we hope to continue filling in the holes in the future. Our aim is to see this campaign gather momentum because the bottom line is transparency is essential to a debate over government surveillance powers.

Transparency Report: Government removal requests rise

Cross-posted with Official Google Blog

We launched the Transparency Report in 2010 to provide hard evidence of how laws and policies affect access to information online. Today, for the eighth time, we’re releasing new numbers showing requests from governments to remove content from our services. From January to June 2013, we received 3,846 government requests to remove 24,737 pieces of content—a 68 percent increase over the second half of 2012.

Over the past four years, one worrying trend has remained consistent: governments continue to ask us to remove political content. Judges have asked us to remove information that’s critical of them, police departments want us to take down videos or blogs that shine a light on their conduct, and local institutions like town councils don’t want people to be able to find information about their decision-making processes. These officials often cite defamation, privacy and even copyright laws in attempts to remove political speech from our services. In this particular reporting period, we received 93 requests to take down government criticism and removed content in response to less than one third of them. Four of the requests were submitted as copyright claims.

You can read more about these requests in the Notes section of the Transparency Report. In addition, we saw a significant increase in the number of requests we received from two countries in the first half of 2013:
  • There was a sharp increase in requests from Turkey. We received 1,673 requests from Turkish authorities to remove content from our platforms, nearly a tenfold increase over the second half of last year. About two-thirds of the total requests—1,126 to be exact—called for the removal of 1,345 pieces of content related to alleged violations of law 5651.
  • Another place where we saw an increase was Russia, where there has been an uptick in requests since a blacklist law took effect last fall. We received 257 removal requests during this reporting period, which is more than double the number of requests we received throughout 2012.

While the information we present in our Transparency Report is certainly not a comprehensive view of censorship online, it does demonstrate a worrying upward trend in the number of government requests, and underscores the importance of transparency around the processes governing such requests. As we continue to add data, we hope it will become increasingly useful and informative in policy debates and decisions around the world.