How to strike the right balance between UX and data privacy

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

The mobile industry is at a turning point as OS and app developers struggle to find the perfect balance between UX and data privacy. Recently, public awareness has been zealous in airing the darker side of the “information age.” For instance, The Social Dilemma was the second most-watched documentary film on Netflix, with 38 million viewers by the end of the first month it was on the streaming platform. With increased public awareness and focus on the darker side, it becomes easy to lose sight of the benefits of processing user data. 

Data keeps the mobile ecosystem going

It’s no exaggeration to say that data is what keeps the mobile ecosystem rolling. Device features such as Siri or predictive text use machine-learning algorithms to better anticipate user needs. Mobile apps process user data in the interest of improving the app experience by personalizing features and content. For example, a travel app whose user has booked hotels in Florence, Rome, and Naples may segment them into the group that receives a push notification offering discounted rates for hotels on the Amalfi Coast. Or a news app that leverages its users’ data for an adaptive scheduling algorithm that determines the times of day when they wouldn’t want to receive alerts (e.g., the middle of the night, or during the workday).

Processing user data can even be integral to a feature’s utility, as with weather or traffic apps that provide real-time updates to advise users what actions to take to stay safe on the road. Or, for a more specific example, the Pokémon GO app tracks users’ geolocation data so they can hunt for Pokémon, battle other trainers, and take part in raids in an augmented reality superimposed on the real world. The entire concept of the game collapses if users withhold their data. 

Most device users would agree that the above use cases for data are acceptable, and even preferable, to a non-personalized app experience. However, it’s when apps and websites send user data to 3rd-party advertisers without users’ permission that this enters unethical territory. So, where is the happy medium? Should we sacrifice our use of free apps that provide us an experience tailored to our preferences so we can sit on a growing horde of personal data that benefits no one?

Where is the line when it comes to what data can be used for? Or who has access to it? 

The shift away from cloud processing

Perhaps instead of what or who, what we should really be examining is how our data is processed. And to do that, it’s worth looking at what the leaders of the mobile industry — Apple and Google — are doing in their latest mobile operating systems. 

In September 2021, Apple’s iOS15 went live, and it had some exciting changes in the realm of data privacy. A lot of their new features shows a shift towards Apple trying to design the iPhone to be less invasive, and to keep user data private — even from Apple. Building on the controversial App Tracking Transparency released with the iOS 14.5, which meant apps had to obtain users’ consent before tracking their IDFA to send to advertisers, Apple’s latest features take transparency and data minimization to the next level.

Apple’s new Intelligent Tracking Prevention feature on their Safari browser combines machine learning with device-side processing to hide your IP address from trackers. “Device-side” in this case means that all data processing for this feature occurs locally, on the mobile device itself, rather than the OS transmitting your data to the Apple cloud server. Not only does this mean your data remains 100% private — even from Apple — but by being processed on-device, instead of in a cloud server with trillions of other data points, your data’s vulnerability as a target for being hacked is drastically reduced. 

What’s more, since Intelligent Tracking Prevention data is processed locally, Apple users retain full ownership and access to their data. They can view their Privacy Report of all the cross-site trackers Intelligent Tracking Prevention has blocked in the Safari browser sidebar. 

Apple has moved other data processing features to device-side, including facial recognition. And Siri processes both voice commands and Siri Suggestions entirely on-device, without sending any personal information to Apple’s servers.

Google announces Privacy Sandbox for Android

Likewise, perhaps seeing Apple’s shift towards device-side as an industry bellwether, Google, at last, has plans to extend Privacy Sandbox to Android operating systems. Privacy Sandbox is already at work implementing device-side processing for Chrome web browsers: Google’s Federated Cohort of Learning (FLoC) function replaced conventional third-party browser cookies by recording users browser history 100% on-device.

Advertisers then receive information about the web activity of cohorts of anonymous users, but they have no access to user data, which remains securely on their devices. In this way, it both protects users’ privacy while providing data that’s 95% as accurate for advertisers as what they used to get with cookies.

Privacy Sandbox won’t be active on Android until 2024. However, the fact that they have a few features that process data on-device shows a marked trend in this direction. And while their plans are still nebulous, they have mapped out a few key pillars of their Android Privacy Sandbox moving forward. 

In particular, an algorithm that sorts users into Topics based on which apps they use will take place entirely on-device. Apps and advertisers can then view these cohorts of users to inform decisions on what ads to send. Moreover, because it all occurs on-device, users can access and personalize their Topics in their device settings.

FLEDGE is another function, in which apps define “custom audiences” for ads based on users’ behavioral data in-app. This data, as well as the ads themselves, are stored locally on the device, meaning business can continue to target their existing customers for marketing, but no 3rd-parties will be able to access any identifying data.

Moving forward: Is device-side the answer?

The mobile privacy features of both Apple and Google are very much in flux, and it’s likely that further adjustments are on the horizon. Still, the trend seems to be that storing and processing user data device-side is on the rise. 

Device-side processing not only enables user data to be put to good purpose — without opening it up to unethical or unwanted access from third parties — but it foments a relationship of trust and confidence between mobile devices, apps, and their users. Processing user data on-device means there is a high level of transparency, with users retaining ownership and agency over their own private information. 

While advertisers may be less than pleased about having to compromise, this move towards a mobile industry that prioritizes individual privacy and data ownership is positive on the whole. What’s more, device-side processing has a wide range of benefits for mobile apps — including a more efficient and streamlined computing process, as data no longer has to be transported to an external server for processing and access to a more complete suite of metrics — on top of the fact that it solves data privacy pain points.

With devices, apps, and users all benefitting, it’s well worth keeping an eye on the mobile industry over the next few years, to see how the shift to device-side computing will transform it. 

David Shackleton is the CEO of OpenBack.

Originally appeared on: TheSpuzz