Google Cracks Down on Android App Info Collection

Google' Safe Browsing team has expanded the enforcement of the company's Unwanted Software Policy, promising to flag Android apps in Google Play that collect personal information about users without their consent.

To avoid such flagging, Android developers need to prompt users before data such as phone numbers or email addresses is collected. Furthermore, they must provide a privacy policy in such apps.

"Additionally, if an app collects and transmits personal data unrelated to the functionality of the app then, prior to collection and transmission, the app must prominently highlight how the user data will be used and have the user provide affirmative consent for such use," Paul Stanton of the Safe Browsing Team said in a blog post Friday.

"These data collection requirements apply to all functions of the app. For example, during analytics and crash reportings, the list of installed packages unrelated to the app may not be transmitted from the device without prominent disclosure and affirmative consent."

The privacy crackdown affects apps in the Google Play store and non-Play app markets, and Google will also show warnings on Web sites that lead to apps collecting data without consent.

Google's Unwanted Software Policy contains a section titled "Snooping" that says:

Software that collects or transmits a user’s personal information must be transparent about doing so.
  • Software that collects and/or transmits users’ personal information must be transparent about it by providing an explanation in clear and straightforward language that describes what information would be collected or transmitted and for what purpose. The language should be clearly visible and easy to read on the screen. Disclosure is especially important if data collection is a non-obvious feature of the software.
  • Software must not collect sensitive information such as banking details without proper encryption.

The expanded enforcement flagging will start in 60 days, Google said, when warnings will start to appear on problematic apps and sites that lead to such apps.

The company also provided some advice to developers.

"Developers whose apps show warnings should refer to guidance in the Unwanted Software Help Center," the post said. "Developers can also request an app review using this article on App verification and appeals, which contains guidance applicable to apps in both Google Play and non-Play app stores. Apps published in Google Play have specific criteria to meet Google Play’s enforcement of the Unwanted Software Policy; these criteria are outlined in the Play August 2017 announcement."

About the Author

David Ramel is an editor and writer for Converge360.