Google Unwanted Software Policy – It’s a fight against snooping apps

Google has expanded enforcement of Google’s Unwanted Software Policy waring Android developers to explicitly declare data collection behaviors.

A few days ago, Google was caught collecting users’ location data even when location services were disabled, many privacy experts questioned the behavior of the tech giant.

Google promptly admitted the practice and suspended it.

Now Google made another move to protect the privacy of its users, it has warned Android developers to explicitly declare data collection behaviors of their apps.

Google revisioned the Safe Browsing rules expanding the enforcement of Google’s Unwanted Software Policy.

“In our efforts to protect users and serve developers, the Google Safe Browsing team has expanded enforcement of Google’s Unwanted Software Policy to further tamp down on unwanted and harmful mobile behaviors on Android.” reads the announcement published by Google.

“As part of this expanded enforcement, Google Safe Browsing will show warnings on apps and on websites leading to apps that collect a user’s personal data without their consent.”

If the developers don’t comply with Google rules within 60 days, the company will warn users via Google Play Protect or on webpages that lead to these apps.

“Starting in 60 days, this expanded enforcement of Google’s Unwanted Software Policymay result in warnings shown on user devices via Google Play Protect or on webpages that lead to these apps.” the announcement said.

Developers of apps that handle either personal data (phone number, e-mail) or device data (such as IMEI number) must prompt the user, and include a privacy policy in the app.

“Additionally, if an app collects and transmits personal data unrelated to the functionality of the app then, prior to collection and transmission, the app must prominently highlight how the user data will be used and have the user provide affirmative consent for such use,” added Google.

Data collection requirements apply to all functions of the app, including crash reporting, the company highlighted that apps cannot transmit the list of installed packages unrelated to their app without an affirmative consent.

Developers can also request an app review using this article on App verification and appeals, it contains guidance applicable to apps in both Google Play and non-Play app stores.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Google Unwanted Software Policy, privacy)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.