| || |
Google Play(ing with your personal info)
February 17, 2013 - Chris Tomassucci
Dan Nolan, an app developer in Sydney, Australia, discovered quite a disturbing feature in the Google Play app store.
Anyone purchasing an app from Google Play — an application distribution platform (like Apple's App Store) designed for Android devices and maintained by Google since last year — has also unknowingly been providing application developers with their personal information.
App developers have been receiving the e-mail addresses, neighborhoods and often full names of their customers each time they sell an app through Google Play.
Even more disturbing: Although the information sharing feature was intentionally included in the Play software, Google's terms of service do not explicitly inform customers about it. Nor does Google allow customers to opt-out of the sharing.
Nolan voiced his concerns in a Feb. 13 blog post:
"If you bought the app on Google Play (even if you cancelled the order) I have your email address, your suburb, and in many instances your full name. Each Google Play order is treated as a Google wallet transaction and as such software developers get all of the information (sans exact address) for an order of an app that they would get from the order of something physical."
Nolan mentioned Google Wallet, a mobile payment platform developed by Google that allows users to store their credit or debit card information to make purchases online and even at certain participating brick-and-mortar stores (a bit like PayPal, who incidentally took Google to court for "misappropriation of trade secrets" over similarities between the two services) .
Google promotes the service this way on their website:
The new version of the Google Wallet app supports all your credit and debit cards. Carry them with you on your phone or computer. Shop faster, smarter and safer, in-store and online.
In an online purchase involving "something physical," as Nolan put it, personal data is necessarily transmitted from consumer to seller. For example, if you decide to buy that football signed by the '96 Green Bay Packers from an online sports memorabilia store, you want the seller to have your home address. That way the football can be delivered to your door.
The apps purchased through Google Play, however, do not need to be shipped to your door. They are simply installed on your mobile device. I can think of no reason a developer should get my personal information when I buy their app from Google Play, at least not without my explicit consent (and about a dozen reasons off the top of my head why they probably shouldn’t).
So, what problems could arise from Google Play giving your info to app developers this way? In other words, what could happen to you if your info is given to app developers as if you are buying something physical each time you purchase a mobile app?
In his blog post, Nolan candidly explains what worries him as a developer.
“With the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase,” Nolan wrote in the post. “Under no circumstances should I be able to get the information of the people who are buying my apps unless they opt into it and it’s made crystal clear to them that I’m getting this information.”
It's great to have a developer willing to give up the possible commercial implications of having all those e-mails to spam in order to shed some light on this.
What Google does is important. The company is such a giant in the tech world that all users of the internet are almost certainly users of one of Google's products or services. We need to know if and when they are selling or giving out our personal information.
News, Blogs & Events Web