Google has decided the time has come to require app developers to disclose the data their wares collect, and their security practices, in their Play Store listings.
The data-harvesting ad giant on Thursday detailed plans to create a “safety section in Google Play” that it says “will help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security.”
A precise policy will be revealed in Q3 2021. For now, Google has said “among other things, we’ll ask developers to share:
- ”What type of data is collected and stored: Examples of potential options are approximate or precise location, contacts, personal information (e.g. name, email address), photos & videos, audio files, and storage files
- How the data is used: Examples of potential options are app functionality and personalization”
Developers with apps in the Play Store will also be required to disclose whether:
- The app has security practices, like data encryption
- The app follows Google’s Families policy
- The app needs this data to function or if users have choice in sharing it
- The app’s safety section is verified by an independent third-party
- The app enables users to request data deletion, if they decide to uninstall
Developers will be responsible for writing their own disclosures.
“Google Play will introduce a policy that requires developers to provide accurate information,” says Google’s blurb. “If we find that a developer has misrepresented the data they’ve provided and is in violation of the policy, we will require the developer to fix it. Apps that don’t become compliant will be subject to policy enforcement.”
However, Google hasn’t said how it will enforce that policy, how it will assess the accuracy of disclosures, whether it will do so for the millions of apps it hosts, how often it will review app’s disclosures, or the timeframe required for corrections.
But the web giant doesn’t seem to think it will need to make much of an effort.
“Developers agree that people should have transparency and control over their data,” says its announcement. “Developers also want to give additional context to explain data use and how safety practices could affect the app experience.”
The Register wonders if Google has actually met some of those developers, a question we pose considering recent research that found fertility apps may be privacy-invading nightmares, and many similar incidents in the history of the Play Store.
- Google Play infested with cash-stealing web apps
- Contacts-slurping Android malware sneaked onto Google Play store – twice
- Fresh stalkerware crop pops up on Google's Android Play Store, swiftly yanked offline
- Google Play Store spews malware onto 9 million 'Droids
Google’s timeline calls for developers to start adding the required info in Q4 of 2021, before it starts to appear for users in Q1 2022. On an as-yet-unrevealed date in Q2 2022, all apps will be required to have their info recorded.
Even Google’s own apps will have to comply.
Developers that makes apps for iOS and Android may find this new requirement is not a hassle, as Apple has required similar “nutrition labels” since December 2020.
Google’s post doesn’t explain why it has decided now is the time to follow Apple’s example. ®