Public Report – Google Privacy Sandbox Aggregation Service and Coordinator

During the winter of 2022, Google engaged NCC Group to conduct an in-depth security review of the Aggregation Service, part of Google’s Privacy Sandbox initiative. Google describes the Aggregation Service as follows:

The Privacy Sandbox initiative aims to create technologies that both protect people’s privacy online and give companies and developers tools to build thriving digital businesses. The Privacy Sandbox reduces cross-site and cross-app tracking while helping to keep online content and services free for all. One of the proposed solutions within the initiative is the Aggregation Service. The goal of this service is to allow ad tech to generate summary reports, which include aggregated measurement data on user’s behavior collected by other Privacy Sandbox APIs; these APIs allow ad techs to collect aggregatable reports from clients. The aggregation service decrypts and combines the collected data from the aggregatable reports, adds noise, and returns a summary report. This service runs in a trusted execution environment (TEE), which is deployed on a cloud service that supports necessary security measures to protect this data. This approach is designed to provide a balance between protecting user privacy and meeting the needs of the advertising industry.

NCC Group’s evaluation included the following components:

  • Web Services Assessment, which consists of dynamic testing and code review of the final design and deployment of the Privacy Sandbox Aggregation Service from the perspective of an external attacker.
  • Architecture Design Review, which consists of a review of the final design of the Privacy Sandbox Aggregation Service.
  • Cryptography Design and Implementation Review, which consists of a comprehensive review of the cryptography implementation for the Aggregation Service and split key features.
  • Holistic Attacker-Modeled Pentest, which consists of a holistic review of the final design and implementation of the Privacy Sandbox Aggregation Service from the perspective of a malicious ad tech firm.

In spring 2023, NCC Group completed a retest on a series of fixes proposed by Google, and found that they effectively addressed all findings documented in this report.

The public report for this review may be downloaded below:

NCC_Group_Google_Privacy_Sandbox_Public_Report_v2 Download

Source: Original Post