Google's pending Play Store policy changes are bringing various privacy improvements – but also include a security enhancement and disclosure requirement that deserve mention.
Previously, the web titan's Device and Network Abuse policy gave it broad latitude to take action against apps that "interfere with, disrupt, damage, or access in an unauthorized manner the user’s device, other devices or computers, servers, networks, application programming interfaces (APIs), or services."
Google's policies also forbade Google Play apps from modifying or updating themselves outside of Google Play's update system and from introducing or exploiting security vulnerabilities.
- Google Play to require privacy labels on apps in 2022, almost two years after Apple
- We've got some really bad news about Apple's privacy measures, Google tells iOS app devs: It'll hurt your Google ad revenue
- Apple begins rejecting apps that use advertising SDKs for fingerprinting users
- COVID-19 notification app update blocked by Apple, Google over location privacy fears
"We discovered the
According to Snyk, Mintegral removed the
MTGBaseBridgeWebView code following the publication of the security firm's findings and the China-based ad-tech biz has since posted about its support for Apple's
SKAdNetwork attribution API – suggesting it may have remedied the alleged rules violations.
We asked Apple and Google whether Mintegral's SDK currently complies with their respective store policies, but we've not heard back.
Starting in mid-October, there will be a specific prohibition against the misuse of interpreted languages. And maybe it will help, if Google makes the effort to enforce its rules.
Developers must provide accurate information related to personal or sensitive user data their apps collect, use, or share
The other noteworthy policy change is that personal data usage in Google Play apps must be disclosed and must be accurate. Google's current User Data policy implies but does not explicitly demand accuracy – a requirement spelled out in separate Misrepresentation and Deceptive Behavior sections.
"We’re adding a new Data privacy and security section to the User Data policy where developers must provide accurate information related to personal or sensitive user data their apps collect, use, or share," Google said.
The accurate disclosure requirement takes effect on April 1, 2022, which in the US, the UK, and various other countries, is known as April Fool's Day. ®