October 06, 2015

Google's New "Now on Tap" Brings Powerful Features -- and Interesting Privacy Issues

Google's new capability in Android M ("Marshmallow") includes a much anticipated capability called "Now on Tap" (NoT). I'm suddenly receiving a lot of privacy-related queries about it. Let's see if we can clear some of this up a bit.

Essentially, "NoT" permits the user to ask Google to provide more information related to the current screen you're looking at in an Android (even non-Google) app. It's similar in some respects to Google's "Now" cards that can (if enabled) provide more information based on your web browsing history, searches, and data explicitly shared with Google by apps -- if these functions are also enabled, of course.

NoT however takes another big step -- it actually can "read" what's on your screen being displayed by an Android app, and provide you with additional information based on that data.

Obviously to do this, data about what you're looking at needs to be sent to Google for analysis.

The way this is being done -- and this is very early discussion here based on the information I have at hand -- seems to be quite well thought out.

For example, you have to opt-in to NoT in the first place. Once you're in, data from your current screen is only sent to Google for NoT processing when you long-press the Home button on your device.

My current understanding is that both text and screenshots are sent for analysis by default if you have NoT enabled -- logical given today's display methodologies. In fact, buried in the settings you apparently can actually choose alternate providers of such services, and whether or not you wanted to send text-only or text plus screenshots.

So clearly a lot of deep thinking went into this. And make no mistake about it, NoT is very important to Google, since it provides them with a way to participate in the otherwise largely "walled garden" ecosystem of non-Google apps.

Still, there are some issues here that will be of especial importance to anyone who works with sensitive data, particularly if you're constrained by specific legal requirements (e.g., lawyers, HIPAA, etc.)

Some of this is similar to considerations when using Google's optional "data saver" functions for Android and Chrome, which route most of your non-SSL data through Google servers to provide data compression functionalities.

Fundamentally, there are some users in some professions who simply cannot risk -- from a legal standpoint if nothing else -- sending data to third parties accidentally or otherwise unexpectedly.

In the case, of NoT, for example, my understanding is that when a user long-presses home to send, the entire current view is sent to Google, which can include data that is not currently visible to the user (e.g. materials that you'd need to scroll down to view). This could, for example, include financial information, personal and business emails, and so on. And while NoT reportedly includes a function to allow app developers to prevent its use (in financial apps, let's say) this requires that the app developers actual compile in this function.

Another issue is that -- at the moment -- I am unclear as to all of the privacy policy aspects that apply to NoT -- how long is related data retained, what are all the ways it can be used now or perhaps later, etc. I don't expect problems in this area, but I am trying to get much more detailed information than I currently have seen in this context.

So overall, my quickie executive summary at this point suggests that Now on Tap will be a very useful feature for vast numbers of users -- but it won't be appropriate for everyone. Especially in corporate environments or other situations where sending data to third parties would be considered inappropriate irrespective of those third-parties' privacy policies, due consideration of these various capabilities and issues would be strongly recommended.

I have consulted to Google, but I am not currently doing so.
All opinions expressed here are mine alone.

Posted by Lauren at October 6, 2015 04:36 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein