Security

Google Play to ban Android VPN apps from interfering with ads

Developers say this is not the privacy protection it's made out to be


Google in November will prohibit Android VPN apps in its Play store from interfering with or blocking advertising, a change that may pose problems for some privacy applications.

The updated Google Play policy, announced last month, will take effect on November 1. It states that only apps using the Android VPNService base class, and that function primarily as VPNs, can open a secure device-level tunnel to a remote service.

Such VPNs, however, cannot "manipulate ads that can impact apps monetization."

The rules appear to be intended to deter data-grabbing VPN services, such as Facebook's discontinued Onavo, and to prevent ad fraud. The T&Cs spell out that developers must declare the use of VPNservice in their apps' Google Play listing, must encrypt data from the device to the VPN endpoint, and must comply with Developer Program Policies, particularly those related to ad fraud, permissions, and malware.

Blokada, a Sweden-based maker of an ad-blocking VPN app, worries this rule will hinder at least the previous iteration of its software, v5, and other privacy-oriented software.

"Google claims to be cracking down on apps that are using the VPN service to track user data or rerouting user traffic to earn money through ads," Reda Labdaoui, marketing and sales manager at Blokada, wrote last week in a a forum post.

"However, these policy changes also apply to apps that use the service to filter traffic locally on the device."

Labdaoui suggests Blokada v6, which launched in June, should not be affected because it does filtering in the cloud without violating Google's device policies. But other apps may not be so fortunate.

Labdaoui points to the DuckDuckGo Privacy Browser for Android, which creates a local VPN service to make its App Tracking Protection block tracker server connections, as a potential casualty of the new Play policy.

DuckDuckGo, however, isn't convinced. "We don't believe we’ll be impacted by the policy but our team is continuing to review it," a spokesperson for the company told The Register in an email.

Another app that could be affected is Jumbo for Android, which also appears to utilize VPN-related code to block trackers.

Google's policy is not unique. Apple's iOS App Store includes a similar requirement to use a specific VPN API, named NEVPNManager, which is available only to developers who are part of an organization, not unaffiliated individual developers.

The iOS rules state, "You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. Apps offering VPN services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy."

While Apple's VPN rules do not specifically address interfering with ads, it's likely the iOS guidelines leave enough room for interpretation that Apple could ban an iOS app that interferes with the functioning of other apps, were it so inclined.

Google for years has disallowed Android apps that block ads in other Android apps (with the exception of browsers), and its Chrome Web Store includes language that could be used to ban ad blocking extensions if Google chose to do so. For example, "We don't allow content that harms or interferes with the operation of the networks, servers, or other infrastructure of Google or any third-parties."

However, Google has maintained that it wants to let developers "create safer and more performant ad blockers," even as its pending Manifest v3 transition looks likely to make such extensions less capable.

Google did not respond to a request for comment. ®

Send us news
39 Comments

Google gooses Safe Browsing with real-time protection that doesn't leak to ad giant

Rare occasion when you do want Big Tech to make a hash of it

Why France this week fined Google €250M over web news

Google pulls a few coins from the sofa and says whatever, just clarify who needs to be paid for what

In-app browsers are still a privacy, security, and choice problem

Regulators reminded that longstanding concerns haven't been addressed

Google's AI-powered search results are loaded with spammy, scammy garbage

Be careful where you click

First the Super Bowl, now this: Kansas City getting a Google bit barn

Exact location, power source, and go-live date unknown. But don't worry, there'll be digital jobs

India's competition regulator orders Google Play payment probe

Choice of alternative payment providers labelled 'illusory' – because none existed

Miscreants are exploiting enterprise tech zero days more and more, Google warns

Crooks know where the big bucks are

Sorry, Siri: Apple may be eyeing Google Gemini for future iPhones

Famous for keeping everything in-house, Apple may be carving AI-shaped door in its garden wall

Poking holes in Google tech bagged bug hunters $10M

A $2M drop from previous year. So … things are more secure?

Lawsuit claims gift card fraud is the gift that keeps on giving, to Google

Play Store commissions are a nice little earner, wherever they come from

Meta accused of snarfing people's Snapchat data via traffic decryption

I ain't afraid of no ghosts, but in this case...

The way Apple, Alphabet implemented DMA rules 'seems to be at odds' with law

European Commission says 12-month investigation could lead to fine of up to 10% of global revenue