Release notes

Developer Preview releases of the Privacy Sandbox on Android are intended to help with early development, testing, and feedback. Android Privacy Sandbox Developer Previews are still in active development, so things might not always work as expected. The Privacy Sandbox Developer Preview is subject to further change, and feedback is encouraged.

To get started, set up your development environment and flash the Privacy Sandbox on Android on your test device or emulator.

Current release

Privacy Sandbox on Android Developer Preview 5


  • Before you can access the Privacy Sandbox APIs in Developer Preview 5, you must first enable the APIs and configure API-specific permissions.
    • Designs for the Privacy Sandbox on Android allow users to control whether privacy preserving APIs and the SDK Runtime are active on their device. These settings are set as disabled by default in Developer Preview 5. You can enable API access using an adb command.
    • The caller app must specify API-specific permissions in the manifest and related AdServices configurations that control access for embedded SDKs.
  • Apps must call the privacy preserving APIs when running in the foreground.
  • AdIdManager and AppSetIdManager are not currently operational. They will be enabled in a later release.

SDK Runtime

  • sendData() will be deprecated in a future version.
  • loadSdk() now returns an IBinder object to facilitate 2-way communication between the runtime-enabled SDK and apps defined in AIDL.
  • Apps have access to additional runtime-enabled SDK lifecycle events, such as when the SDK process is terminated.

Attribution Reporting API

This release introduces additional features in the Attribution Reporting API, including:

  • Encrypted aggregation report support.
  • Cross app and web measurement support.
  • Consolidated headers in source and trigger registration responses:
    • Source: Attribution-Reporting-Register-Aggregatable-Source is now a part of Attribution-Reporting-Register-Source
    • Trigger: We have consolidated Attribution-Reporting-Register-Event-Trigger, Attribution-Reporting-Register-Aggregatable-Trigger-Data and Attribution-Reporting-Register-Aggregatable-Values into a single header named Attribution-Reporting-Register-Event-Trigger
    • Attribution-Reporting-Redirects is still a separate header

FLEDGE on Android API

This release includes several new features and improvements, as well as breaking changes:

  • Breaking changes:
    • runAdSelection() has been renamed to selectAds().
    • Replaced the parameter of AdSelectionConfig.Builder.setAdSelectionSignals() with AdSelectionSignals, which represents a JSON object.
    • Replaced the usage of String to represent an ad tech buyer/seller with the AdTechIdentifier object.
    • Added TestCustomAudienceManager and TestAdSelectionManager classes for overriding remote JavaScript-fetching.
    • The owner of a custom audience is required to be the package name of the calling app.
  • FLEDGE APIs now validate the caller app against a set of restrictions and limitations described in the developer guide. Below are some notable examples.
    • selectAds and reportImpression now have execution time limits, after which the call will be terminated.
    • selectAds and reportImpression now have a limit to memory consumed during JavaScript execution. The APIs will throw an error if the memory consumption exceeds configured limits.
    • selectAds and reportImpression now validate the AdSelectionConfig object to ensure that fields are syntactically valid and that the URLs are under the eTLD+1 used in the seller field.
    • AdServices now validates custom audiences at time of creation. Some of this validation includes ensuring expiration time is valid and applies a limit to how many custom audiences an app can create and the total size of the ads provided in the joinCustomAudience call. The validation also enforces that the URIs provided for signals and bidding logic retrieval and background fetching are all under the buyer’s domain.
  • Custom audience metadata is updated daily by a background fetch process.
  • Custom audiences are removed when the “owner” app is uninstalled.
  • Added support to specify Trusted Scoring Signals and Trusted Bidding Data during ad selection. See code sample for the response format.
  • FLEDGE for Android APIs depend on WebView version 105.0.5195.58 or higher. Refer to the setup information in the developer guide for details.
  • Known Issues:

    • When joining a custom audience, the platform currently doesn’t perform background updates immediately, if any of the metadata or AdData values are empty or null. The custom audience won’t be eligible for ad selections until it’s been updated one day later. A future release will make incomplete custom audiences immediately eligible for background fetch updates. The current default memory limit for JavaScript execution is too low and might cause normal workloads to crash the JavascriptEngine on devices. Your JavaScript execution may terminate unexpectedly with the error message "Fatal javascript OOM in CALL_AND_RETRY_LAST".

      You can manually resolve this by configuring the proper memory threshold with the following command:

      adb shell "device_config put adservices fledge_js_isolate_enforce_max_heap_size 10485760"
    • Custom audience ads that don't match the required JSON structure are updated during background fetch.

Topics API

Tools Updates

Android Studio Canary has support for building SDK APKs with a new module type. The SDK Runtime Developer Guide has been updated, and the Privacy Sandbox sample apps on GitHub reflect this update.

Past releases

Developer Preview 4

Release date: July 14, 2022

Privacy Sandbox on Android Developer Preview 4 adds improvements to the following areas:

SDK Runtime

  • Apps can now communicate with the runtime enabled-SDKs (RE-SDKs) through the addition of sendData().
  • Local storage is now available in the SDK Runtime process.
  • An SDK can also render standalone video based ads or content in the SDK Runtime.
  • Added clarifications around reflection usage to include the ability to use reflection provided the content is not in another RE-SDK.

Attribution Reporting API

This release introduces changes to improve clarity around using the Attribution Reporting API, such as:

  • Changes in aggregate report format to improve readability.
  • Updated header fields for the Conversion Filtering and Biddability features.
  • Added clarifications in the WebApp API reference to explain source and trigger registration, as well as privacy and consent API availability.

FLEDGE on Android API

This release includes new features to aid in testing and debuggability, as well as a internal improvements:

  • Added support to override remote URLs for retrieving JavaScript logic during development.
  • Improved error reporting during ad selection.
  • Inactive custom audiences are now filtered out during ad selection.

Topics API

This release includes several significant changes to the Topics API, most importantly:

  • The return type of the getTopics() API has been changed to the new Topic object type which encapsulates integer IDs that correspond to Topics in the Taxonomy, and information about the classifier and Taxonomy versions. You should update any existing apps using this API.
  • The Topics API now requires a new normal permission.
  • Introduction of the "On-Device Classifier" system to dynamically assign Topics based on publicly available app information.

Known issues

  • The initial release of these device images (revision 6) doesn't load on Android Emulator version 31.2.10. Updated device images that address the problem have been made available as of July 27, 2022.

Developer Preview 3

Release date: June 9, 2022

Privacy Sandbox on Android Developer Preview 3 adds functionality for the Attribution Reporting API and FLEDGE on Android.

Attribution Reporting API

The Attribution Reporting API improves user privacy by removing reliance on cross-party user identifiers, and supports key use cases for attribution and conversion measurement across apps.

This release includes developer resources to help you test the following Attribution Reporting API features:

  • Register attribution source and trigger events
  • Exercise source-prioritized and post-install attribution
  • Receive event reports
  • Receive aggregatable reports, which are unencrypted in this release

A sample app and reference ad tech server are provided to aid with testing

Known issues:

FLEDGE on Android

FLEDGE on Android introduces a new way to show ads based on custom audiences defined by app developers and the interactions within their app. This solution stores information and associated ads locally, and provides a framework to orchestrate ad selection workflows.

This release includes developer resources to help you test the following FLEDGE on Android features:

  • Join or leave a custom audience and observe how parameter values may affect auction outcomes
  • Fetch JavaScript auction code from remote endpoints
  • Configure and initiate on-device ad auctions
  • Handle impression reporting
  • A sample app and mock server configuration are provided to aid with testing

Known issues:

  • A custom audience can participate in ad selection even before its "activation time".

Developer Preview 2

Release date: May 17, 2022

Developer Preview 2 includes early previews of the MeasurementManager attribution reporting APIs.

  • You can call registerSource() and registerTrigger() to register app ad events and receive event-level reporting data for app-to-app attribution. Our current implementation uses last-touch attribution. Reports are scheduled to be sent out as defined by the reporting windows. Refer to the MeasurementManager API reference for more information.
  • The actual report upload happens at the end of fixed intervals of time, rather than at the exact scheduled time. The reporting upload interval is 4 hours by default, but can be overridden with the following adb command:

    adb shell device_config put adservices measurement_main_reporting_job_period_ms <duration in milliseconds>
  • A sample app and reference ad tech server for testing APIs will be published in a future release.

  • Other MeasurementManager attribution reporting API features like aggregate reporting, post-install attribution, and redirects will be available in a later release.

Developer Preview 1

Release date: April 28, 2022

Developer Preview 1 includes early previews of the Topics API and SDK Runtime. Functionality for FLEDGE on Android and Attribution Reporting APIs will become available in a future release.

  • Topics API
    • The getTopics() API currently returns test values based on offline classification for a limited set of apps. On-device classifications are not yet implemented.
    • You can use adb commands to override epoch intervals and force-trigger epoch computation.
    • Read the Topics developer guide for details.
  • SDK Runtime
    • You can package and build runtime-enabled SDKs (RE SDKs) using the new <sdk-library> element in your SDK app's manifest file. Install RE SDKs on a supported test device or emulator as you would normally install an app during development.
    • You can integrate an app with RE SDKs, load them in the SDK Runtime, and test the impact of restricted access on the SDK code -- permissions, memory, and app-to-SDK communications. Storage APIs for RE SDKs are not yet implemented, and will become available in a future release.
    • An SDK can render WebView-based banner ads or content in the SDK Runtime.
    • Read the SDK Runtime developer guide for more information.
  • Android lint checks
    • Android lint checks may incorrectly show warnings in projects compiled with the API level TiramisuPrivacySandbox. For example, you may see the warning message: "Call requires API level 33". You can temporarily address this by using the @SuppressLint("NewApi") annotation.