Security

Google Play to ban Android VPN apps from interfering with ads

Developers say this is not the privacy protection it's made out to be


Google in November will prohibit Android VPN apps in its Play store from interfering with or blocking advertising, a change that may pose problems for some privacy applications.

The updated Google Play policy, announced last month, will take effect on November 1. It states that only apps using the Android VPNService base class, and that function primarily as VPNs, can open a secure device-level tunnel to a remote service.

Such VPNs, however, cannot "manipulate ads that can impact apps monetization."

The rules appear to be intended to deter data-grabbing VPN services, such as Facebook's discontinued Onavo, and to prevent ad fraud. The T&Cs spell out that developers must declare the use of VPNservice in their apps' Google Play listing, must encrypt data from the device to the VPN endpoint, and must comply with Developer Program Policies, particularly those related to ad fraud, permissions, and malware.

Blokada, a Sweden-based maker of an ad-blocking VPN app, worries this rule will hinder at least the previous iteration of its software, v5, and other privacy-oriented software.

"Google claims to be cracking down on apps that are using the VPN service to track user data or rerouting user traffic to earn money through ads," Reda Labdaoui, marketing and sales manager at Blokada, wrote last week in a a forum post.

"However, these policy changes also apply to apps that use the service to filter traffic locally on the device."

Labdaoui suggests Blokada v6, which launched in June, should not be affected because it does filtering in the cloud without violating Google's device policies. But other apps may not be so fortunate.

Labdaoui points to the DuckDuckGo Privacy Browser for Android, which creates a local VPN service to make its App Tracking Protection block tracker server connections, as a potential casualty of the new Play policy.

DuckDuckGo, however, isn't convinced. "We don't believe we’ll be impacted by the policy but our team is continuing to review it," a spokesperson for the company told The Register in an email.

Another app that could be affected is Jumbo for Android, which also appears to utilize VPN-related code to block trackers.

Google's policy is not unique. Apple's iOS App Store includes a similar requirement to use a specific VPN API, named NEVPNManager, which is available only to developers who are part of an organization, not unaffiliated individual developers.

The iOS rules state, "You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. Apps offering VPN services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy."

While Apple's VPN rules do not specifically address interfering with ads, it's likely the iOS guidelines leave enough room for interpretation that Apple could ban an iOS app that interferes with the functioning of other apps, were it so inclined.

Google for years has disallowed Android apps that block ads in other Android apps (with the exception of browsers), and its Chrome Web Store includes language that could be used to ban ad blocking extensions if Google chose to do so. For example, "We don't allow content that harms or interferes with the operation of the networks, servers, or other infrastructure of Google or any third-parties."

However, Google has maintained that it wants to let developers "create safer and more performant ad blockers," even as its pending Manifest v3 transition looks likely to make such extensions less capable.

Google did not respond to a request for comment. ®

Send us news
39 Comments

Google agrees to $391.5m settlement in privacy lawsuit

US states threw privacy challenge at web giant

UK competition watchdog investigates Apple and Google 'stranglehold' over the mobile market

Apple doesn't want to bite

Koch-funded group sues US state agency for installing 'spyware' on 1m Android devices

Class-action lawsuit seeks $1 in nominal damages

Evernote's fall from grace is complete, with sale to Italian app maker

Frustrate enough users and your product will stumble. Hint, hint, Elon

What do the US midterm election results mean for a federal privacy law?

Spoiler: it may hinge on California's voting block

Commercial repair shops caught snooping on customer data by canny Canadian research crew

Naming no names, but study finds trustworthy techs are hard to find

France says <i>non</i> to Office 365 and Google Workspace in school

Hey, teacher, leave those apps alone

Russia-based Pushwoosh tricks US Army and others into running its code – for a while

Russian data trackers … what could possibly go wrong?

Investor tells Google: Cut costs now and stop paying staff so much

Also wants Alphabet to slash losses in Waymo division, buy back shares, lots of them

Google’s resistance to third party Play store payments eases further with US tests

Tune in to hear how it works on Spotify, or hook up with choice on Bumble

Google looking outside the usual channels to fix security skills gap

'If your input continues to be monoculture, you can expect the same outcomes'

Google and Microsoft add more renewable energy for datacenters

Both announce green power purchase agreements for UK and Irish DCs as European worries over power continue