Android Privacy Sandbox release notes

The Privacy Sandbox on Android offers Developer Preview and Beta programs. We'll introduce new APIs and features in the Developer Preview over time and promote stabilized APIs to the Beta program. Feedback is encouraged.

If you're new to the Privacy Sandbox on Android, start with the Program Overview. To get started with building Privacy Sandbox into your project, set up your development environment and get the Privacy Sandbox on Android on your test device or emulator.

Current releases

Android VanillaIceCream Preview

Protected Audience API

  • The ability to pass authenticated contextual ads into a Protected Auction has been added. This also includes negative filtering for apps already installed on the device as well as frequency capping on number of clicks, impressions, views, or wins. The implementation differs from previous iterations as the contextual ads are required to be signed by the ad tech. Read about how to implement this in the developer guide.
  • ContextualAds renamed to SignedContextualAds along with related getter and setter in AdSelectionConfig; getPerBuyerSignedContextualAds, setPerBuyerSignedContextualAds
  • If an unauthenticated contextual app is passed, it will be removed from the auction

Attribution Reporting API

  • The ability to drop a source if the app is already installed on device
  • Updates from lite flexible event reporting to full flexible event reporting

Privacy Sandbox on Android November 2023 Beta update

This release of the Privacy Sandbox on Android Beta includes updates to the Privacy Sandbox APIs on public Android 14 devices. The SDK and device images are available to download using Android Studio's SDK manager as Android API 34, Extension Level 10, and is functionally similar to Developer Preview 9, with a few key modifications.

Protected Audience API

  • Ad techs can now use custom audience delegation to join a custom audience on behalf of a buyer that does not have on device presence.
  • Android now supports running an auction on Bidding and Auction services.
  • Protected Audience auctions support CPC billing.
  • Protected Audience auctions and reporting now support data version headers for trusted bidding signals.
  • Protected Audience auctions support frequency cap filtering on WIN events.
  • Protected Audience now supports integration with Attribution Reporting API.

Attribution Reporting API

SDK Runtime

  • Ability from SDK to load other SDKs within the SDK Runtime to support mediation use cases

Past releases

Developer Preview 10

Release date: December 19, 2023

Known limitations

  • There is an issue which causes Google Play services to crash in the background and repeatedly inform the user:
    • Rebooting the device may alleviate this issue.
    • While testing, if you are having issues with asynchronous calls timing out, try adding the following adb command in order to lengthen the threshold until timeout:
    • adb shell device_config put adservices fledge_auction_server_overall_timeout_ms 60000;
  • Physical device only: Adding a Google Account is not supported. Follow these steps to get the device to the home screen:
    • Install the preview image on the phone.
    • Go through the setup wizard without connecting to Wi-Fi or mobile data.
    • Once on the home screen, connect to Wi-Fi or mobile data.
    • Reboot the device.

Protected Audience API

  • We are introducing new capabilities, [Protected App Signals][dp98], to support serving relevant app install ads. With this DP, we are releasing APIs to enable ad techs to:
    • Curate signals by storing app events in protected on-device storage which are used for serving relevant app install ads.
    • Run a Protected Auction on Bidding and Auction services running within Trusted Execution Environments where they can access their respective signals to aid in ad selection and bidding.

Attribution Reporting API

  • This version of the Attribution Reporting API:
    • Adds Protected Audience integration, which enables custom audience dimensions in aggregate summary reports.
    • Supports Google Cloud Provider as a TEE for the Aggregation Service.
    • Adds shared_debug_key field to support debugging for cross-network attribution without redirects.
    • Adds version headers in verbose debugging report requests.

On-Device Personalization

  • Initial release for researchers and early development.
  • On-Device Personalization introduces an innovative way to customize products and services while providing enhanced end user privacy protection. On-Device Personalization provides a set of services and algorithms as building blocks to achieve this, including but not limited to:
    • Federated Compute (FC) that enables training, evaluating, and personalizing models using Federated Learning. On-Device Personalization's use of Federated Compute will be based on model training and (optionally if needed) inference.
    • Cuckoo Filter based matching and cross-matching among data that's disparately located.
    • Differentially Private (DP) training of sparse models using new techniques such as DP Alternating Minimization (for training on disparately located data), and model personalization under billboard DP.

Developer Preview 9

Release date: August 15, 2023

Known limitations

  • Auction data generated by calling the Bidding and Auction API is not deleted automatically in DP9.
  • Calling getAdSelectionData and persistAdSelectionResult when consent is revoked crashes the process.
  • Negative filtering feature does not work with getAdSelectionData and persistAdSelectionResult.

Protected Audience API

  • Ad techs can now use custom audience delegation to join a custom audience to an on-device caller.
  • Android now supports running an auction on Bidding and Auction services - Protected Audience auctions support CPC billing.
  • The Report Interactions API is now called reportEvent.
  • Frequency capping method and counter types have been renamed.
  • Debug reporting is available to get information on why an auction was lost or to identify issues in JavaScript logic.

Attribution Reporting API

  • This release improves debug reports for the Attribution Reporting API by:
    • Supporting verbose debug reports that are supported on web.
    • Enabling cross web and app attribution debug reports (requires AdId on both web and app registration).
  • Ad techs can configure noise parameters for different reporting scenarios.
  • This release moves to origin-based attribution, meaning:
    • Origin is used for registration.
    • Multiple origins are accepted under a single site.
    • A new rate limit of one origin per source app or enrollment.
  • Ad techs can now disable enrollment for testing Attribution Reporting use cases locally.

SDK Runtime

  • The SDK can only start or bind to an allowlist of services.
  • The SDK is only able to access a subset of the system ContentProvider (such as, where obtained data lacks identifiers and can't be used to build a fingerprint of the user. These checks also apply to accessing ContentProvider using ContentResolver.
  • The SDK is only able to access a subset of protected broadcast receivers (such as android.intent.action.AIRPLANE_MODE).
  • The SDK can launch an activity belonging to another app, but with limits on what can be sent in the Intent.

Privacy Sandbox on Android March 2023 Beta update

The March 2023 release of the Privacy Sandbox on Android Beta includes updates to the Privacy Sandbox APIs on public Android 13 devices. This release includes Ad Services Extensions 5 APIs and is functionally similar to Developer Preview 6, with a few key modifications.

Known limitations

  • The background fetch job that runs periodically to update FLEDGE custom audiences causes the process to crash. Because of this issue, FLEDGE is disabled by default.


  • You can use the Attribution Reporting API as of this release. The API was previously disabled. If you used the Attribution Reporting API on the previous Beta release, clear your app or device data before using this Beta release using one of the following steps:
    • On a device or emulator, go to Settings and clear app-specific storage (not just cache) for any apps used for testing.
    • Perform a factory reset on your physical or emulated device.
    • For an emulated device, perform a Wipe Data function.
  • Attribution Reporting now supports debug keys, which allows developers to receive unaltered reports and privacy-enhanced reports from the Attribution API. Debug keys provide an opportunity to gain greater visibility into how reports are structured while you transition to the Privacy Sandbox.
  • Attribution Reporting recently experienced a bug with Ad Services where registerSource and registerTrigger would fail with exceptions. If you experienced these issues during development, a fix has rolled out and these issues should resolve over time.
  • The Topics API preview functionality now has parity with Privacy Sandbox on Android Developer Previews. A Topics API caller can preview topics without including the topic retrieval call in the weekly epoch calculation or affecting the list of observed topics for the caller. Refer to the shouldRecordObservation field for details.
  • To enable testing in FLEDGE on Android, register for the Beta program and use that same Google Account to sign in to your test devices. Otherwise, attempts to call APIs cause an IllegalStateException with a "Service is not available" message. FLEDGE should be reinstated in the next Beta release.

    In the meantime, testing using Developer Previews can continue and is encouraged, and FLEDGE can be manually enabled on devices with the following caveats:

    You can enable FLEDGE with the following adb commands. However, this causes the background fetch process to crash, which negatively impacts system health metrics. This is not a permanent solution as these values may be reset by the platform.

    adb shell device_config set_sync_disabled_for_tests persistent
    adb shell setprop debug.adservices.fledge_select_ads_kill_switch false
    adb shell setprop debug.adservices.fledge_custom_audience_service_kill_switch false
    adb shell device_config put adservices fledge_background_fetch_enabled true

Past releases

Developer Preview 8

Release date: May 23, 2023

Known limitations

  • While WIN-typed frequency cap filters can be added to Protected Audience ads, the WIN type is not yet supported, and filters of this type are ignored.
  • To report win impressions to winning buyers of Protected Audience auctions, buyers must be enrolled with the Privacy Sandbox. This requirement cannot be overridden.
  • To access Privacy Sandbox settings on a device that has Privacy Sandbox available, go to Settings > Google > Ads > Privacy Sandbox.
  • Can't deploy projects with emulators on Android Studio Giraffe. Other versions of Android Studio should work fine. A fix will be rolled out to Android Studio Giraffe on May 26, 2023.

Protected Audience API

Attribution Reporting API

  • Added OR trigger filters. This means that filters now consist of a filter set, which is a list of filter maps. If none of the filter maps in the set match the source's filter data, the event_trigger_data object is ignored.
  • The impression expiry and reporting window for aggregation and event-level APIs have been decoupled.
  • Added support for deduplication keys in aggregatable reports.
  • Added scheduled_report_time to event reports for parity with the Privacy Sandbox for Web.
  • Implemented cross-network attribution without redirects.

SDK Runtime

Developer Preview 7

Release date: January 26, 2023

FLEDGE on Android API

  • The parameter custom_audience_signals has been renamed in the following JavaScript methods:
    • generateBid() has been renamed custom_audience_bidding_signals.
    • scoreAd() has been renamed custom_audience_scoring_signals.
    • reportWin() has been renamed custom_audience_reporting_signals.
  • This release adds a new selectAds override that takes AdSelectionFromOutcomeConfig to compares selectAds results. This enables ad tech SDKs that leverage this API to run waterfall mediation. More details are outlined in the developer guide.
  • The selectAds() API now supports caching for bidding and scoring logic JavaScript fetched during the ad selection process.
    • The cache can be controlled with Cache-Control headers returned by the servers during the JavaScript fetch call. Use no-cache or no-store to prevent JavaScript responses from getting cached, and max-age to control the cache duration.
    • The current cache entry max-age is set to two days by default.

Attribution Reporting on Android API

  • This release adds support for daisy-chain redirects for registerSource() and registerTrigger(). The API consumer can now use an HTTP redirect as the server response.

Initial Beta release, January 2023

Release date: January 9, 2023

Privacy Sandbox on Android Beta 1 represents the first availability of Privacy Sandbox APIs on public devices, and adds improvements to the areas listed next.


  • Privacy Sandbox on Android Beta 1 is functionally equivalent to Developer Preview 5, with some additional features and limitations listed below.
  • Developers must complete an enrollment process to utilize ads-related APIs (including Topics, FLEDGE, and Attribution Reporting). The enrollment process verifies developer identity and gathers developer-specific data needed by the APIs.
  • With the Privacy Sandbox on Android Beta 1 release, developers that have enrolled and submitted details to the allowlist may get the opportunity to test on their own physical devices. To develop against stable APIs in the release, download the new SDK Ad Services Extensions 4.

Topics API

Attribution Reporting API

  • Attribution Reporting has been disabled and is not available for use in this release. Access to this API should be re-enabled in the next Beta release. You're encouraged to continue testing with Developer Previews.

SDK Runtime

The following limitations are expected to be fixed in the next major Android platform release:

  • Ad rendering within a scrollable view such as RecyclerView currently does not work properly. You may experience jank if the element is resized. User touch scroll events are not passed to the runtime properly.
  • WebView rendering is not available in the SDK Runtime process.
  • Per-SDK storage is not available.
  • Support for the getAdId and getAppSetId APIs is not yet activated.

Developer Preview 6

Release date: October 31, 2022

Privacy Sandbox on Android Developer Preview 6 adds improvements to the following areas:


  • In preparation for production rollout, Developer Preview 6 introduced a flag to disable Privacy-Preserving API access by default. For testing purposes, enable Privacy-Preserving API access in the Developer Preview by running the following command:

    adb shell device_config put adservices global_kill_switch false
  • The AdIdManager and AppSetIdManager APIs require Google Play services version 22.36.16 or higher.

    • On an Android-powered device, verify the correct version is listed under Settings > Apps > Google Play services.
    • If you need to update Google Play services to the proper version, sign in on your Android testing device or emulator with a Google Account. Then go to Google Play Store > profile icon > Settings > About. Under the Play Store version heading, tap Update Play Store.
    • This step is only applicable for development and testing, and won't be needed after the Privacy Sandbox has rolled out to public users.

Topics API

  • Added a Preview API for toggling whether or not getTopics registers as an observer.
  • Minor changes to initialization code for GetTopicsRequest class.
  • Topics integration guide released.

FLEDGE on Android API

  • If you are testing against real servers, enabling the API is now enforced. Please follow these steps to configure your device. These steps are not required if you are using the remote overrides present in the sample app.
  • Breaking Changes:
    • Replaced Url in parameters with Uri. This applies to all FLEDGE APIs and custom JavaScript for bidding and scoring logic.
    • Removed owner field from Custom Audience API inputs.
  • Incomplete custom audiences are now immediately eligible for background refresh.
  • JavaScript memory limit is now set to 10MB. This applies to bidding and scoring logic.

Attribution Reporting API

  • Ad techs must enroll before they can use the Attribution Reporting API in Developer Preview 6. See Enroll for a Privacy Sandbox account for more information.
  • This release introduces debug keys, which allows developers to receive unaltered reports along with the privacy-enhanced reports from the Attribution Reporting API. Debug keys provide the chance to gain greater visibility into how reports are structured while transitioning with the Privacy Sandbox.

Developer Preview 5


  • Before you can access the Privacy Sandbox APIs in Developer Preview 5, you must first enable the APIs and configure API-specific permissions.
    • Designs for the Privacy Sandbox on Android allow users to control whether privacy preserving APIs and the SDK Runtime are active on their device. These settings are set as disabled by default in Developer Preview 5. You can enable API access using an adb command.
    • The caller app must specify API-specific permissions in the manifest and related AdServices configurations that control access for embedded SDKs.
  • Apps must call the privacy preserving APIs when running in the foreground.
  • AdIdManager and AppSetIdManager are not currently operational. They will be enabled in a later release.

SDK Runtime

  • sendData() will be deprecated in a future version.
  • loadSdk() now returns an IBinder object to facilitate 2-way communication between the runtime-enabled SDK and apps defined in AIDL.
  • Apps have access to additional runtime-enabled SDK lifecycle events, such as when the SDK process is terminated.

Attribution Reporting API

This release introduces additional features in the Attribution Reporting API, including:

  • Encrypted aggregation report support.
  • Cross app and web measurement support.
  • Consolidated headers in source and trigger registration responses:
    • Source: Attribution-Reporting-Register-Aggregatable-Source is now a part of Attribution-Reporting-Register-Source
    • Trigger: Attribution-Reporting-Register-Event-Trigger, Attribution-Reporting-Register-Aggregatable-Trigger-Data and Attribution-Reporting-Register-Aggregatable-Values have been consolidated into a single header named Attribution-Reporting-Register-Event-Trigger
    • Attribution-Reporting-Redirects is still a separate header

FLEDGE on Android API

This release includes several new features and improvements, as well as breaking changes:

  • Breaking changes:
    • runAdSelection() has been renamed to selectAds().
    • Replaced the parameter of AdSelectionConfig.Builder.setAdSelectionSignals() with AdSelectionSignals, which represents a JSON object.
    • Replaced the usage of String to represent an ad tech buyer/seller with the AdTechIdentifier object.
    • Added TestCustomAudienceManager and TestAdSelectionManager classes for overriding remote JavaScript-fetching.
    • The owner of a custom audience is required to be the package name of the calling app.
  • FLEDGE APIs now validate the caller app against a set of restrictions and limitations described in the developer guide. The following are some notable examples.
    • selectAds and reportImpression now have execution time limits, after which the call will be terminated.
    • selectAds and reportImpression now have a limit to memory consumed during JavaScript execution. The APIs will throw an error if the memory consumption exceeds configured limits.
    • selectAds and reportImpression now validate the AdSelectionConfig object to ensure that fields are syntactically valid and that the URLs are under the eTLD+1 used in the seller field.
    • AdServices now validates custom audiences at time of creation. Some of this validation includes ensuring expiration time is valid and applies a limit to how many custom audiences an app can create and the total size of the ads provided in the joinCustomAudience call. The validation also enforces that the URIs provided for signals and bidding logic retrieval and background fetching are all under the buyer's domain.
  • Custom audience metadata is updated daily by a background fetch process.
  • Custom audiences are removed when the "owner" app is uninstalled.
  • Added support to specify Trusted Scoring Signals and Trusted Bidding Data during ad selection. See code sample for the response format.
  • FLEDGE for Android APIs depend on WebView version 105.0.5195.58 or higher. Refer to the setup information in the developers guide for details.
  • Known Issues:

    • When joining a custom audience, the platform currently doesn't perform background updates immediately, if any of the metadata or AdData values are empty or null. The custom audience won't be eligible for ad selections until it's been updated one day later. A future release will make incomplete custom audiences immediately eligible for background fetch updates. The current default memory limit for JavaScript execution is too low and might cause normal workloads to crash the JavascriptEngine on devices. Your JavaScript execution may terminate unexpectedly with the error message "Fatal javascript OOM in CALL_AND_RETRY_LAST".

      You can manually resolve this by configuring the proper memory threshold with the following command:

      adb shell "device_config put adservices fledge_js_isolate_enforce_max_heap_size 10485760"
    • Custom audience ads that don't match the required JSON structure are updated during background fetch.

Topics API

Tools Updates

Android Studio Canary has support for building SDK APKs with a new module type. The SDK Runtime Developer Guide has been updated, and the Privacy Sandbox sample apps on GitHub reflect this update.

Developer Preview 4

Release date: July 14, 2022

Privacy Sandbox on Android Developer Preview 4 adds improvements to the following areas:

SDK Runtime

  • Apps can now communicate with the runtime enabled-SDKs (RE-SDKs) through the addition of sendData().
  • Local storage is now available in the SDK Runtime process.
  • An SDK can also render standalone video based ads or content in the SDK Runtime.
  • Added clarifications around reflection usage to include the ability to use reflection provided the content is not in another RE-SDK.

Attribution Reporting API

This release introduces changes to improve clarity around using the Attribution Reporting API, such as:

  • Changes in aggregate report format to improve readability.
  • Updated header fields for the Conversion Filtering and Biddability features.
  • Added clarifications in the WebApp API reference to explain source and trigger registration, as well as privacy and consent API availability.

FLEDGE on Android API

This release includes new features to aid in testing and debuggability, as well as a internal improvements:

  • Added support to override remote URLs for retrieving JavaScript logic during development.
  • Improved error reporting during ad selection.
  • Inactive custom audiences are now filtered out during ad selection.

Topics API

This release includes several significant changes to the Topics API, most importantly:

  • The return type of the getTopics() API has been changed to the new Topic object type which encapsulates integer IDs that correspond to Topics in the Taxonomy, and information about the classifier and Taxonomy versions. You should update any existing apps using this API.
  • The Topics API now requires a new normal permission.
  • Introduction of the "On-Device Classifier" system to dynamically assign Topics based on publicly available app information.

Known issues

  • The initial release of these device images (revision 6) doesn't load on Android Emulator version 31.2.10. Updated device images that address the problem have been made available as of July 27, 2022.

Developer Preview 3

Release date: June 9, 2022

Privacy Sandbox on Android Developer Preview 3 adds functionality for the Attribution Reporting API and FLEDGE on Android.

Attribution Reporting API

The Attribution Reporting API improves user privacy by removing reliance on cross-party user identifiers, and supports key use cases for attribution and conversion measurement across apps.

This release includes developer resources to help you test the following Attribution Reporting API features:

  • Register attribution source and trigger events
  • Exercise source-prioritized and post-install attribution
  • Receive event reports
  • Receive aggregatable reports, which are unencrypted in this release

A sample app and reference ad tech server are provided to aid with testing

Known issues:

FLEDGE on Android

FLEDGE on Android introduces a new way to show ads based on custom audiences defined by app developers and the interactions within their app. This solution stores information and associated ads locally, and provides a framework to orchestrate ad selection workflows.

This release includes developer resources to help you test the following FLEDGE on Android features:

  • Join or leave a custom audience and observe how parameter values may affect auction outcomes
  • Fetch JavaScript auction code from remote endpoints
  • Configure and initiate on-device ad auctions
  • Handle impression reporting
  • A sample app and mock server configuration are provided to aid with testing

Known issues:

  • A custom audience can participate in ad selection even before its "activation time".

Developer Preview 2

Release date: May 17, 2022

Developer Preview 2 includes early previews of the MeasurementManager attribution reporting APIs.

  • You can call registerSource() and registerTrigger() to register app ad events and receive event-level reporting data for app-to-app attribution. Our current implementation uses last-touch attribution. Reports are scheduled to be sent out as defined by the reporting windows. Refer to the MeasurementManager API reference for more information.
  • The actual report upload happens at the end of fixed intervals of time, rather than at the exact scheduled time. The reporting upload interval is 4 hours by default, but can be overridden with the following adb command:

    adb shell device_config put adservices measurement_main_reporting_job_period_ms <duration in milliseconds>
  • A sample app and reference ad tech server for testing APIs will be published in a future release.

  • Other MeasurementManager attribution reporting API features like aggregate reporting, post-install attribution, and redirects will be available in a later release.

Developer Preview 1

Release date: April 28, 2022

Developer Preview 1 includes early previews of the Topics API and SDK Runtime. Functionality for FLEDGE on Android and Attribution Reporting APIs will become available in a future release.

  • Topics API
    • The getTopics() API currently returns test values based on offline classification for a limited set of apps. On-device classifications are not yet implemented.
    • You can use adb commands to override epoch intervals and force-trigger epoch computation.
    • Read the Topics developer guide for details.
  • SDK Runtime
    • You can package and build runtime-enabled SDKs (RE SDKs) using the new <sdk-library> element in your SDK app's manifest file. Install RE SDKs on a supported test device or emulator as you would normally install an app during development.
    • You can integrate an app with RE SDKs, load them in the SDK Runtime, and test the impact of restricted access on the SDK code -- permissions, memory, and app-to-SDK communications. Storage APIs for RE SDKs are not yet implemented, and will become available in a future release.
    • An SDK can render WebView-based banner ads or content in the SDK Runtime.
    • Read the SDK Runtime developer guide for more information.
  • Android lint checks
    • Android lint checks may incorrectly show warnings in projects compiled with the API level TiramisuPrivacySandbox. For example, you may see the warning message: "Call requires API level 33". You can temporarily address this by using the @SuppressLint("NewApi") annotation.