Purchases made on Google Play disclose users’ personal info to app devs

February 15, 2013
12
78
44 33 45

Android Security

Google is again under attack for its apparent mishandling of its users’ personal information. Not so long after Microsoft criticized the Search giant’s treatment of email contents of its Gmail users, a new privacy issue has surfaced all over the Internet: too much customer information is shared to app developers.

Australian developer Dan Nolan lambasted Google in his blog post on Wednesday, declaring a ‘Massive Google Play Privacy Issue.’ He found out that when users purchase an app, its corresponding developer obtains personal details such as email and physical address, even real names. Nolan discovered that he has obtained a fair share of customer info himself after logging into his Google Play merchant account to update his payment details.

For a little background, the Paul Keating Insult Generator is Nolan’s sole Android app, a ported version of his iOS app that automatically produces insults that are based on the wit of the titular Australian politician. The app has gained quite a popularity in the App Store, which motivated Nolan to create one for Android.

Google’s use of personal data

That the users’ personal information is shared to developers is not caused by a malware threat or a flaw in Google’s software. Instead, the company is apparently able to do so willingly in compliance with its privacy policy for its app store and Google Wallet payment system. But, according to privacy groups and with careful inspection of the policies, Google does not clearly mention that it is sharing personal information to app developers nor does it create a good deal of effort in informing buying customers.

An anonymous developer told News.com.au that certain information is transferred to devs due to billing and taxing purposes. The main thing that keeps developers from abusing such information is when they signed up and agreed to the “terms of service”. Email addresses are also flagged when users choose to receive marketing and promotional materials. However, Nolan doubts that developers are extremely attentive and obedient to their agreement with Google.

android malware

Possible Consequences

So what this could possibly mean to users? Nolan has a pessimistic answer for that as well:

With the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase.

If you are quite alarmed by how Google shares your information in its Play Store, there are always a number of options you can take on your part while waiting for Google to amend its conduct. For instance, the company itself lists in its own privacy policy page some choices such as controlling what information to share and who to share it with, viewing and editing ad preferences and even liberating your data from its services.

For a mobile ecosystem that has become the main target of cybercriminals, Nolan seems right to point out that this has been a “massive oversight by Google.”

“This is a massive, massive privacy issue Google. Fix it. Immediately,” he concluded on his blog.

Comments