Google Play Store Starts Forcing Better Data Collection Transparency For Android Apps
Back in May of 2021, Google
announced that privacy labels
would be coming to the Google Play Store. Now, almost a year later, the company has announced that it will soon be rolling these labels out to the Play Store with requirements for application developers. The Google Play Store already features an expandable permissions section. However, while this section offers a fairly detailed look into all the connections and device features that an app may try to access, it doesn’t make clear what information the app may be accessing, collecting, or even selling.
A look at the Google Play Store’s new data safety section
Google Play Store listings will soon feature a new “Data safety section” with three primary categories: shared data, collected data, and security practices. Each category is further divided into subsections that can each be expanded for more detail, including a description of purpose. According to Google, “Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties. In addition, users want to understand how app developers are securing user data after an app is downloaded.”
The data safety section will also indicate whether an app is committed to following the Google Play Families Policy, as well as whether users can delete their data and whether an app’s security practices have been validated against a global security standard. Google specifically references the Mobile Application Security Verification Standard (MASVS) in its blog post.
Apple’s app privacy details feature
This new Google Play Store feature comes after Apple
implemented an app privacy section in its App Store back in December 2020. This privacy practices notice was part of a larger privacy push by Apple in which it threatened to expel
from the app store apps that track users without their permission. This privacy push seems to have crushed Facebook’s data mining
of iOS users and forced Google to change its ad tracking tech
However, it has yet to be seen how strictly Google will enforce data collection transparency. Google will require app developers to fill out the data safety section, but not all developers may provide accurate information about their data collection practices, especially since Google says apps will be rejected from the Play Store if their listed data collection practices are not compliant with the Developer Program data transparency and control policies.
Google’s documentation says that it will take enforcement action in the case that a developer does not provide accurate information, but it is highly unlikely that Google will be able to manually review every app and app update to ensure that their data safety sections are truthful. The documentation even states that the review process does not exist for this purpose: “Google’s review process is not designed to verify the accuracy and completeness of your data safety declarations. While we may detect certain discrepancies in your declarations and we will be taking appropriate enforcement measures when we do, only you possess all the information required to complete the Data safety form. You alone are responsible for making complete and accurate declarations in your app’s store listing on Google Play.
Aurora Store’s integration of Exodus Privacy reports
While we’ll have to see how well Google polices real data collection transparency with this new feature, a data safety section is a welcome addition to the Play Store. Aurora Store, a third-party Google Play Store client, has relied on Exodus Privacy reports to display the trackers present in Android apps, but even this feature hasn’t made clear what user data apps are collecting and sharing and for what purpose.
According to Google’s blog post
announcing the feature, users will begin seeing the new data safety section in Play Store listings any day now, but app developers have until July 20th to fully complete this section. Google has begun notifying developers of this requirement by way of its rolling email system.