Categories: Android, Google

Should Contact-Tracing apps really require to enable GPS?

In the last blog post, I looked at how Google nudges user towards its location service through which it can collect non-anonymous location data. Even on devices which use Google location services, location data can only be collected when the Android Location Setting (ALS) is on. In this blog post, we discuss one instance on which Android is designed to force users to turn on ALS without any justification: when they wan to scan Bluetooth. Indeed, since Android 6, in addition to having to obtain the location permission (a relevant requirement), apps that want to scan BLE must also make sure that ALS is on. To the best of our knowledge, this second restriction (wich we will refer as the “ALS restriction”) has never been documented or justified and is quite meaningless. Incidentally, until recently, it could have been circumvented and some contact tracing app unintentionally did.

Google Location Services: does fortune still favor the brave?

In August, documents from the Google vs Arizona case were published. Many sections of these documents have been redacted but some interesting emails went though. In one of these emails a Google Software Engineer is puzzled by the way Android keeps prompting users to enable Google Location Services (a.k.a Google Location Accuracy). In this post, I detail how Google nudges Android users toward its own location service in order to collect their location data. Beyond the question of using nudges to collect more data, I discuss the compliance of these with EU regulation. Finally, by this self-preferencing services through which they collect location data, Google get an edge over competing Android location-based services…

Could P2B force Apple to be more transparent about iOS APIs?

The Platform-To-Business regulation started to apply on July 12th. This regulation aims to shed more light on the relations between platforms and companies P2B. The regulation scope includes app stores. In this post I am interested in P2B’s impact on Apple’s app store and iOS APIs…

Who pay for processing my personal data ?

Last November I submitted a data access request to Google. One month later (which is the maximum delay to provide a first answer), Google informed me that my request would take some time to be processed. Two months later Google offered another answer … and told me that they won’t be able to respond to my request.

Categories: Google

More on Chrome updates and headers

I’m not the only one who has been unpleasantly surprised by the way Chrome now handles logins on Google services (more on Techmeme). This new feature was unexpected, it was also not announced in Google post about the Chrome update, there is no simple opt-out, it makes the Chrome Privacy Policy outdated and it confusingly as creates different user experiences on Android and on desktop. Indeed, for your browsing activity to be linked to your Google account you must sign-in on the browser and enables browser synchronization. On desktop, signing-in to the browser is almost mandatory but synchronization is off by default, on Android sign-in is off by default, but as soon as you sign-in synchronization is enabled. This are about to get even more complicated as Google introduce a new features that sends data to Google even when synchronization is off…

Categories: Google, Policy, Search

Finding a balance between access to info and privacy

On June 28, a decision of European Court of Human Rights reanimated the debate about the Right To Be Forgotten. The court rejected the request to delete some content on a website, considering that the right to access to information prevailed. The court made an interesting distinction with the Right To Be Forgotten applied to search engines. Search engines and publishers have different purpose so the ECtHR refers to ECJ decision for the search engines.

Categories: Google, Policy, Search

How Google is tracking Safari users on third party sites

A couple of weeks ago, google started to stop redirected users from to localized versions of the search engine. This rather innocuous change is likely to have effect on the way safari anti tracking protection copes with Google cookies. Indeed, Safari now deletes cookies of sites you have not interacted with over the last 24 hours [1]. If you type and then are redirected to, you actually don’t interact with  So Safari does not give Google a 24h permission to track you on other domains of the search engine.That won’t happen if Google stop redirecting users and just let them on where they will interact with the search bar and other elements…

Cross checking IAB’s numbers

It looks like on Mobile the numbers  IAB’s reports are based on mostly reflect the dynamic of Google and Facebook advertising revenues, not those of average App developers…

Categories: Facebook, Google

The missing clauses in Google’s “Customer Match”

In September Google announced “Customer Match”, a new tool for advertisers to target their existing customer using their email addresses. “Customer match” is almost like Facebook’s “Custom Audiences” but Google and Facebook seem engaged in “a privacy race to the bottom” and Google may have taken the lead…

Categories: Uncategorized

Protected: Cookie Reidentification with Social Network

This content is password protected. To view it please enter your password below: