Google Store Sends User Information To App Developers

Several readers have passed on news of a privacy hole in the Google app store. Reader Strudelkugel writes with the news.com.au version, excerpting: "Every time you purchase an app on Google Play, your name, address and email is passed on to the developer, it has been revealed today. The 'flaw' — which appears to be by design — was discovered this morning by Sydney app developer Dan Nolan who told news.com.au that he was uncomfortable being the custodian of this information and that there was no reason for any developer to have this information at their finger tips."

Re:"Flaw"?

[CanHasDIY]

Today I learned that app developers don't deserve to be treated like real merchants

They aren't - Google Play is the merchant, the developers are the manufacturers.

Personally, I'd rather not have my contact information sent to the manufacturer of every product I buy.

Re:Comment? No comment.

[CanHasDIY]

Author comment from TFA:

For the people asking how the story was amended: Despite the fact that Google refused to comment on the record, I was asked to change the headline (both the homepage headline and SEO headline inside the story), as well as the standfirst and lead (first paragraph). Google's issue was with the use of the word "flaw". Apparently a system that is designed to share users information with developers without their knowledge or permission and without explicitly saying so in any terms of service is not considered to be a flaw. I have no problem amending stories if they are factually incorrect but the fact is neither developers nor customers were aware of this information sharing and Mr Nolan is not the only developer to express concern over having this information at his disposal. There's little reason app developers should have this information. If Google was going to share this information they should have been clear about this from the start. Hope this clears things up.

Re:"Flaw"?

[dagamer34]

If this were the iOS or Windows Phone stores, then yes, that would be true. But with Google Play, the developer actually IS the merchant. The Play Store itself is only an intermediary. The system is setup like any other online store where there are "ordered" and goods are "shipped". Blame the fact that Google basically grafted the paid Android store onto a system that was meant for real-world goods. Honestly though, this isn't news. Every Android developer has known this for YEARS. And this is no different than any other online store out there.

And this is a surprise how?

[dryriver]

Google logs the private search data of billions of people across the world, and voluntarily pipes all of it to various 3 letter agencies in the U.S. ---- Google has no understanding of what privacy is, had not had an understanding of what privacy is, and will likely never have an understanding of what privacy. ----- Google is a spying machine disguised as a useful search engine. Period. ----- None of what they are doing on their app store is thus terribly surprising. Google suxxors at protecting your privacy. Something we all have to live with (... and the reason I personally don't use Google's services anymore).

Re:"Flaw"?

[Anonymous Coward]

I would like to get data from iOS sales too!

Speaking as an iOS user, I don't want you spamming me.

This is new?

[Niris]

Wait, this is new? I released my first paid app in November, and the only information you get is email, zipcode/city and name. I've been using the zipcode information to put pins in a map to see everywhere in the world I've sold to, heh.

Re:How is this a big deal?

[TraumaHound]

this is already true for every Paypal or credit card purchase you've ever made too

It's not true (and shouldn't be true) for digital purchases. Apple doesn't provide developers with any personal customer information for app purchases. Valve doesn't for Steam purchases. Amazon doesn't for digital software purchases. Microsoft doesn't for app or Xbox purchases.

Google is unique in this regard and not in a good way.

Re:"Flaw"?

[daniel78]

This is simply not true. Stupid as it may seem, Google has set up the Play store so that they are merely the "card processor". I agree that it seems a bit of a stretch, but that's the way it is. As such, the app developer really is the merchant. That's why you get receipts (via google checkout) from Joe Bloggs LLC rather than from Google itself.

this is simply not true

[spottedkangaroo]

You do get name, city name, and zip... you do not get an address. That's simply false.

This is ABSOLUTELY needed.

[musixman]

Every app developer purchases traffic via banners / text links to promote their app. Without this campaign data being passed along there is no way to tell the conversion ratios! Very very serious

Inaccuracies in the article!

[Agent0013]

I am a Google Play developer. I have noticed that I get the names, email, and location of the purchases. This does not include the address though. Only the town, zip, and country. I have looked back at old records and see the email address listed in the purchase records, but I seem to recall this being obscured previously. Unless I am mistaken in some way, it used to give a long apparently randomly created email address for each purchase. I had assumed that this would forward or link to their real email address through Google's records of the purchase, but it looks like they did away with that and now just have your email address listed in the purchase record.

Personally, I find no reason to have the email address. There is nothing I would want to contact them about. But the sales are in a more general form. It's actually Google Checkout that does the sales for the Google Play store. You could sell knitted sweaters through your Google Checkout account and the shipping and delivering and returns are all a part of the processing procedures. When someone cancels a Play purchase, the entry has a notice to me that I should not ship the product to them. This is even though it is an Android App that Google itself handles all the delivery of. So I can see why some contact with the buyer might be necessary in some cases, but not with a typical Play store purchase.

<Rant Begin> The people I would really like to be able to contact would be the ones who leave stupid reviews. "One Star - It really needs so and so feature!" Hey dumbass - it has that feature! Of course I am much more polite with my real communications to bug reports and such, but it amazes me how many people don't even pay attention to the hints, instructions, and preferences that I have given to make sure they see what they can change. <Rant End>

Re:And this is a surprise how?

[kllrnohj]

and voluntarily pipes all of it to various 3 letter agencies in the U.S

Bull. Fucking. Shit.

Google only hands over data when legally required to and documents complied requests publicly: http://www.google.com/transparencyreport/userdatarequests/ [google.com]

And FYI, every web server logs every request you make - that's web server admin 101.

It's not about the app,

[Grand Facade]

The app is just a vehicle to generate marketing leads, that is where the gold is.

Re:That Depends

[markana]

I have free apps in the Play store - and have *never* recieved customer information about those apps. Never. The customer info is only for paid apps, to facilitate tax collection.

Re:"Flaw"?

[PopeRatzo]

I've sold software on Google Checkout/Wallet since day one, and always expect/demand customers data.

And I expect/demand that every woman on the #151 Sheridan bus give me sex, but I've got no right to it.

Re:"Flaw"?

[Krojack]

If this were the iOS or Windows Phone stores, then yes, that would be true. But with Google Play, the developer actually IS the merchant.

The problem here is that it's not presented that way. The Play Store appears, to the customer, exactly like any other storefront. If it's really more like a flea market with individual merchants all collected together under one roof, instead of like a retail store, then this is something that is not only obscured to the buyer (which is a gross deception), it's also not even obvious to the developers, who seem quite surprised to receive this amount of info.

Only do those not reading. When you click the "$1.99 Buy" button then "Continue" button, you're presented with Google Checkout:

Review your purchase
Pay to:
Pay with:

Google Checkout is nothing more then an online merchant processor and works just like PayPal.