
Android: applications can now lie about the personal data they collect
The Google Play Store has changed its privacy policy again. Now users can no longer see what kinds of permissions an app requests after installation, which could greatly impact their security.
Earlier this year, the Google Play Store launched a new data privacy section that relies on developers to disclose the information their apps collect. It will therefore be harder for Android users to know what types of data apps are trying to access once they have been installed.
Indeed, as Esper editor Mishaal Rahman pointed out, this could mean that Google will soon no longer display the verified list of permissions it automatically collects from each applicationgiving developers full control over what they choose (or don’t choose) to disclose to users.
The Google Play Store will remove the preview of app permissions
As Google’s developer deadline for the Play Store’s new “Data Security” section approaches, we’re starting to see what the future of privacy will look like on the US giant’s app store. As a reminder, the new Data Security section of the Play Store is Google’s response to a similar feature in iOS 14which displays a list of privacy considerations provided by developers, such as what data an app collects, how that data is stored, and who it’s shared with.
According to some users, it seems that Google has already removed the list of “permissions” from the Play Store. The mobile app and the web version of the store no longer show what permissions an app might need to work properly. The new “data security” serves as a replacement to some extent. For example, if an application indicates thatit collects your location information, that means it will need to get location permission. However, the developers would still have to tell you what data is stored.
Also read – Android: Google will better protect users against unused applications
Google will not require developers to be transparent about the data collected
Google has an interface in its Play Store Developer Console that lists a whole host of personal data types and device data for the developer to navigate. It must therefore in theory disclose how they are processed by its application.
However, although developers can now explain how and why each piece of data is collected, they will now have the ability to lie about how they use all that data. Google says it will take the appropriate measures if he finds discrepancies between the information declared by the developers and the application itself, but we imagine that certain applications will fall through the cracks of the giant’s controls.
However, Google specifies that, in certain cases, the developer has “ no need to disclose the data as “collected”, even if the data technically leaves your device “. When it comes to data sharing, developers have the possibility to specify if their application shares your data with a third party and to specify their typebut again, it will not be necessary to declare that data is ” shared “.
In other words, Google indicates in its guidelines that providing false information relating to data collection could lead to penalties, but that the developers will not be penalized if they say nothing about it.
Apple already trusts developers on the App Store
For its part, the Apple App Store has implemented a similar policy for information relating to the protection of privacy. The store also requires developers to submit ” self-reported summaries about the privacy practices of their apps. Apple is already doing trust developers to provide truthful information about the data collected by their applications, but these are often misleading or inaccurate.
Either way, it looks like Android users will soon face a serious lack of transparency from developers. Apps such as Facebook, Amazon, Twitter, Disney+, Discord, and many others don’t mention anything about data security yet. Even DuckDuckGo still lacks transparencywhile the browser is nevertheless committed to the safety of its users, despite the recent controversy involving Microsoft.