Security isn't privacy, and you can have one without the other

Google Pixel 4 XL
Google Pixel 4 XL (Image credit: Andrew Martonik / Android Central)

We all tend to equate security with privacy. I'm not talking about public security, where there is debate over encryption and why Apple and Google won't just hand everything over to the FBI, I'm talking about our personal digital security.

Security is really an easy subject to understand once you break it down to its core: your electronic devices — whether they be a phone, a laptop, a smart doorbell, or anything else — should only be operable and accessible by you. If I can pick up your phone and rifle through its contents or see the video your Ring Doorbell collects, something, somewhere isn't secure.

It could be as simple as you haven't used any available tools to set up personal security like a lock screen on your phone, or it could be an existing exploit that allows me to connect remotely. In the end, all that matters is that if I can get into your stuff, it's not secure.

Security is easy to understand if you break it down: only you can use or access your digital devices.

Privacy is a bit different. Privacy is protecting our personal data through those existing security methods which is where much of the confusion stems, but more importantly privacy is something we all tend to willingly ignore and give away our data willingly. Our data is a commodity that is worth billions and billions and there will always be a company willing to provide a service using your privacy as payment.

Here's where we're going to talk about Google and Android. Android itself is one of the most secure operating systems in existence. Its open-source nature and frequent security audits by some of the best people in the field mean updates to keep Android secure happen at a rapid pace, and Google even spends millions every year paying people who find security exploits and submitting them to the Android security team. Simply put, Android is so secure because so many eyeballs are looking at it.

The number of eyeballs looking at Android also means it has to be kept secure at any cost. Android is the new Windows — everyone uses it, so every bad actor is looking for a way to attack it. When any specific software is used by three-quarters of the population, it's going to be a target. This is why Google spends so much money keeping Android itself secure from exploits and malware.

Android is secure, but adding Google's apps hits hard on the privacy side.

Privacy is another matter completely. You can use Android and guard your privacy, but hardly anyone would want to because Android isn't that great without Google and third-party support. A smartphone isn't very smart without any apps involved. You hear a lot about apps that overreach and ask for too much of your private data and Google is in a constant battle to address these issues, but Google itself is also the biggest offender.

You should read those pop-up messages the next time you sign into a new Android phone because they tell you about what personal data you're giving away and how Google will use it. The same goes for things like Google Assistant's privacy policy, or the privacy policy for a Nest thermostat. To add to the confusion, most Android phones are made by Google's hardware partners like Samsung who also have separate data-collection policies.

As mentioned, you are using your personal data to pay for services from Google. It has real value, the same as dollars and cents. That means it's important to make sure you are getting equal value in return. Google doesn't sell your data, no matter how many times you hear a knucklehead claiming it does. But it's important to know what Google does with: Google builds an advertising profile on you and uses it to sell more ads through its money-making advertising division.

Google Privacy Policy

Source: Android Central (Image credit: Source: Android Central)

Only you can decide if the trade (or as I like to think of it, the financial transaction of paying with data) is worth it. You have to ask yourself if you trust that Google will always safeguard the huge amounts of personal information it collects about you; you have to ask if Google is using your data responsibly; and you have to trust that Google isn't being too invasive and collecting data about your race or religion or health. Then you need to look at the services you get in return.

I use Google services because what I give is worth what I get in return.

I use Google products and reluctantly trust the company with my data. Google's track record of how it cares for user data stands on its own, and I truly believe it would responsibly report and address any outside data breaches. I do this because the services I get in return are phenomenal — Assistant greets me each morning and turns on my lights when it knows I have to wake up. Google Photos keeps better track of my photo library than I ever could. Gmail is like a virtual filing cabinet where everything you've ever sent or received is there and easy to find. And the other services like Maps or Google Docs are useful each time I need them. The trade-off is worth it to me.

I'm not trying to convince anyone that they should do the same — in fact, you should not listen to me and make your own decision about it. But it is very important that everyone realize that Google can easily say it has the most secure operating system on the planet but that doesn't make any difference when it comes to the privacy you are willing to give up in order to use it.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.