Google: If your Android app can create accounts, it better be easy to delete them, too
Awoogah, awooooogah, new policy coming for developers
Developers creating Android applications for the Google Play store will need to make it easy for users to delete their app accounts and associated data, though not for a while yet.
The account-nuke requirement will apply to Play-hosted programs that allow users to open accounts, Googler Bethel Otuteye explained in a memo this week. Thus if your app is in Google's souk and allows people to sign up for an account, it better soon be able to let people tear down those profiles and wipe away information held about them. And by soon, we mean, next year.
"As the new policy states, when you fulfill a request to delete an account, you must also delete the data associated with that account," Otuteye wrote. Although apps in the Play store can already declare to users how data deletion is handled if requested, "we know that users want an easier and more consistent way to request them," she added.
Google's policy follows a similar one implemented by rival Apple. Starting in June 2022, the iPhone giant began requiring apps submitted to its App Store that offer account creation to support the deletion of those accounts within the app. That deletion includes scrubbing the account from the developer's records as well as any data linked to it that the app maker isn't legally obligated to keep.
"Providing this capability gives people more control of the personal data they've shared," Apple wrote at the time.
It also comes a few weeks after the Federal Trade Commission proposed a "click to cancel" rule to make it as easy to cancel subscriptions as it is to sign up for them.
The proposal would cover everything from newspaper subs to org memberships, and could pull mobile app subscriptions into the mix as well.
Little late to the game?
Now comes Google. Third-party Play store developers will also have to provide a way to kill a customer account from the web so that users aren't forced to install an app just to delete their profile. That'll be interesting for mobile-only applications that don't have a functioning website other than a homepage that says: go get our amazing super app from the Play store.
And the search giant said it will give users more choice when deciding what they want to delete. Rather than getting rid of their account entirely, they can opt to trash just stuff like activity history, images, and videos, where applicable. Developers also will need to clearly disclose why they may retain data after account closure, such as for fraud protection reasons and regulatory compliance.
That said, users likely will have to wait until next year before seeing the policy put into practice. Google wants to give programmers – particularly those who don't have a profile deletion function in their apps or on their website – time to prepare, Otuteye said.
- Check out this Android spyware, says Microsoft, the home of a gazillion Windows flaws
- Fitbit users will have to sign into Google from 2023
- Stolen info on 400m+ Twitter accounts seemingly up for sale
- Requiem for Google Reader, dead for a decade but not forgotten
App makers will also have to fill out Google's Data Safety questionnaire about their code and their approach to account deletion by December 7. Those devs who need more time can ask for an extension via the Play Console, giving them until May 31, 2024.
Otuteye last month outlined some of the steps Google hopes to take this year to help keep Android apps, data, and users secure.
For instance, people should be able to, at some point, select individual photos they want to share with an app rather than give the software permission to access all images on a device.
Google also is working to limit the sharing of user data and the use of cross-app identifiers by digital advertisers, and unveiled the first beta of the Privacy Sandbox on Android so folks can evaluate its work in this area. In addition, the biz will improve the automated systems that are supposed to catch malicious apps and other abuse in the Play store, according to Otuteye. Its software souk has had a bit of a malware problem as regular Reg readers are well aware. ®