GoKawiilRyan Haines / Android Authority
TL;DR Google says the EU’s latest DMA proposals could expose millions of users to greater privacy and security risks in the name of boosting competition.
Google warns that giving third-party AI assistants deeper access to Android could make fraud and cyberattacks easier.
The EU wants Google to share anonymized search queries, click data, and ranking information with rivals to help level the playing field.
Google is stepping up its fight against the European Union’s new Digital Markets Act (DMA) proposals, arguing that rules meant to loosen its grip on Search and Android could introduce new privacy and security risks for millions of users.
The warning comes as the European Commission prepares final decisions on separate cases for Google Search and Android interoperability by July 27. The DMA, which came into force to curb the power of dominant tech platforms, requires so-called gatekeepers to open parts of their ecosystems to competitors. Those rules apply to Alphabet, Apple, Amazon, Meta, Microsoft, ByteDance, and many others. For Google, that involves opening up more search data to rival search engines and granting third-party AI services greater access to Android.
That’s where it gets tricky, Google says. The current proposals, if enacted as written, could expose users to more fraud and cyberattacks, Heather Adkins, Google’s vice president of security engineering and one of the company’s earliest security leaders, told Wired. She said fraudsters would likely start exploiting the new system within weeks, especially if Android gives outside AI services more access to sensitive permissions like microphones, cameras, on-screen content, and installed apps.
Search data is an even bigger bone of contention. The Commission wants Google to give rival search engines access to data similar to that used by Google in-house, including anonymized search queries, click data, and ranking information. The idea is to provide smaller search providers and AI-powered search tools with enough data to improve their products and better compete against Google’s roughly 90% share of the global search market.
Google also contends that it cannot protect sensitive search data once it leaves its infrastructure. That information, the company argues, could make smaller organizations attractive targets for hackers, even if they have to go through independent security audits and sign agreements that prevent them from attempting to identify users. Adkins also warned that more sophisticated AI models could make it easier to de-anonymize large datasets if they fall into the wrong hands.
Not everyone agrees with Google’s assessment. Privacy-focused search engine DuckDuckGo says the Commission’s proposal already reduces reidentification risks to an insignificant level, while researchers at the Knight-Georgetown Institute argue the planned safeguards appear robust enough to support greater competition. They also say Google has the data necessary to independently verify that the anonymization techniques do what they are supposed to. But other academics recognize the privacy risks but say they must be considered alongside the Commission’s technical protections and not be dealbreakers.
... continue reading