Google's Updated Android App Data Privacy Policy Puts Developers On The Honor System
Near the end of 2020, Apple introduced a dedicated app privacy section to the App Store, requiring developers to disclose what user information is linked to users’ identities and used to track them. Then, in May of 2021, Google announced that a similar feature was in the works for its Play Store. Almost a year later, Google unveiled the new data safety section intended to provide users with information regarding not only what data apps collect and share, but also how apps and the companies behind them secure that data.
When Google revealed the data safety feature in April of this year, the company gave app developers until July 20th to fully disclose their data collection, sharing, and security practices. As that date nears, Google has been rolling out some visual changes to the Play Store that include the addition of the data safety section. However, rather than simply adding the data safety section, the company seems to have added this section in place of the long-standing app permissions section.
When Google revealed the data safety feature in April of this year, the company gave app developers until July 20th to fully disclose their data collection, sharing, and security practices. As that date nears, Google has been rolling out some visual changes to the Play Store that include the addition of the data safety section. However, rather than simply adding the data safety section, the company seems to have added this section in place of the long-standing app permissions section.
Android apps require certain permissions to function as intended by the developers, and the Google Play Store has historically included a section that displays the permissions required by each app. The permissions list can give users insight into what sensors or information an app may access, which can be valuable information for assessing whether an app meets one’s privacy and security preferences. Despite the utility of this section, it recently disappeared from the Google Play Store, with the new data safety section standing in its place.
Google’s announcement of the data safety section said nothing about removing the app permissions section, but the company looks to have swapped one out for the other. Google’s justification for this decision may be that the app permissions list could be confusing for users who aren’t knowledgeable of Android app permissions, potentially scaring users away from installing apps that have entirely mundane permissions requirements.
However, the app permissions section, as it previously stood, wasn’t prominently displayed anywhere on the landing page for each app. Users had to seek out the list of app permissions by looking at the additional app information section and tapping “See More” next to App permissions. This information was mostly targeted at more advanced users, and there doesn’t seem to be any significant harm in leaving it be. Providing permissions information for users who want it seems to be a positive, particularly when some app developers may not be entirely trustworthy.
As we discussed previously, when Google first revealed the data safety section, the company’s documentation makes clear that it’s review process will not check whether app developers properly disclose their data safety practices. The documentation instead puts that responsibility solely on the app developers. As a result, it’s entirely possible that some app developers could decide not to accurately and fully disclose their sharing and collection of user data. The automatically generated list of app permissions could potentially enable users to determine that an app’s data safety section isn’t entirely truthful, but the Play Store now no longer lists that information, unlike F-Droid and Aurora Store.
Google’s announcement of the data safety section said nothing about removing the app permissions section, but the company looks to have swapped one out for the other. Google’s justification for this decision may be that the app permissions list could be confusing for users who aren’t knowledgeable of Android app permissions, potentially scaring users away from installing apps that have entirely mundane permissions requirements.
However, the app permissions section, as it previously stood, wasn’t prominently displayed anywhere on the landing page for each app. Users had to seek out the list of app permissions by looking at the additional app information section and tapping “See More” next to App permissions. This information was mostly targeted at more advanced users, and there doesn’t seem to be any significant harm in leaving it be. Providing permissions information for users who want it seems to be a positive, particularly when some app developers may not be entirely trustworthy.
As we discussed previously, when Google first revealed the data safety section, the company’s documentation makes clear that it’s review process will not check whether app developers properly disclose their data safety practices. The documentation instead puts that responsibility solely on the app developers. As a result, it’s entirely possible that some app developers could decide not to accurately and fully disclose their sharing and collection of user data. The automatically generated list of app permissions could potentially enable users to determine that an app’s data safety section isn’t entirely truthful, but the Play Store now no longer lists that information, unlike F-Droid and Aurora Store.
