Purchases made on Google Play disclose users’ personal info to app devs
Google is again under attack for its apparent mishandling of its users’ personal information. Not so long after Microsoft criticized the Search giant’s treatment of email contents of its Gmail users, a new privacy issue has surfaced all over the Internet: too much customer information is shared to app developers.
Australian developer Dan Nolan lambasted Google in his blog post on Wednesday, declaring a ‘Massive Google Play Privacy Issue.’ He found out that when users purchase an app, its corresponding developer obtains personal details such as email and physical address, even real names. Nolan discovered that he has obtained a fair share of customer info himself after logging into his Google Play merchant account to update his payment details.
For a little background, the Paul Keating Insult Generator is Nolan’s sole Android app, a ported version of his iOS app that automatically produces insults that are based on the wit of the titular Australian politician. The app has gained quite a popularity in the App Store, which motivated Nolan to create one for Android.
Google’s use of personal data
An anonymous developer told News.com.au that certain information is transferred to devs due to billing and taxing purposes. The main thing that keeps developers from abusing such information is when they signed up and agreed to the “terms of service”. Email addresses are also flagged when users choose to receive marketing and promotional materials. However, Nolan doubts that developers are extremely attentive and obedient to their agreement with Google.
So what this could possibly mean to users? Nolan has a pessimistic answer for that as well:
With the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase.
For a mobile ecosystem that has become the main target of cybercriminals, Nolan seems right to point out that this has been a “massive oversight by Google.”
“This is a massive, massive privacy issue Google. Fix it. Immediately,” he concluded on his blog.