Google Store Sends User Information To App Developers 269
Several readers have passed on news of a privacy hole in the Google app store. Reader Strudelkugel writes with the news.com.au version, excerpting: "Every time you purchase an app on Google Play, your name, address and email is passed on to the developer, it has been revealed today. The 'flaw' — which appears to be by design — was discovered this morning by Sydney app developer Dan Nolan who told news.com.au that he was uncomfortable being the custodian of this information and that there was no reason for any developer to have this information at their finger tips."
Comment? No comment. (Score:5, Interesting)
From the article:
Google has not responded to news.com.au's request for comment.
UPDATE: This story has been amended at the request of Google.
So has Google responded or not?
Like giving Sony my info for buying at Best Buy. (Score:4, Interesting)
What I think many commentators are missing is that Google, as the actual seller of the app, is like a retail outlet. The app developer is selling through Google, not directly.
What Google is doing here is like Best Buy sending my information to Sony if I purchase a Sony camera at Best Buy.
I hope they stop this leaky, unpredictable practice. It's counter-intuitive to what the buyer rightfully expects, which is that their information is exposed to the primary seller only (Google) and not secondary providers like the app developers.
I didn't realise this was a secret (Score:5, Interesting)
I understand that it might not be immediately obvious, but I don't think this was a secret by any means. It uses Google Wallet for payments, which is essentially Google's answer to PayPal, and this gives your contact details to the person you are buying from. The first time I bought anything from Google Marketplace, I received a confirmation email from the developers themselves, it never occurred to me that people might not realise this.
I can see both sides of the argument. I've seen what happens when developers don't have this information, such as with Apple's App Store - it's very frustrating as you want to reach out to customers that have had problems and posted negative reviews to try to solve their problem and prevent it from happening to anybody else, but you've got no way of contacting them.
On the other hand, I've been spammed by people I've bought goods from through Amazon's Marketplace, so I'm not keen on that happening again. The ideal solution would be for Google to provide a forwarding, anonymised email address to the developers, like Facebook do with Facebook app developers.
Re:Comment? No comment. (Score:4, Interesting)
Do no evil. When caught, redefine evil.
Looks like I won't be getting any more apps on my Android phone, because I did not consent to that data being provided to anybody other than Google, and where I live, that's illegal.
Re:"Flaw"? (Score:5, Interesting)
If this were the iOS or Windows Phone stores, then yes, that would be true. But with Google Play, the developer actually IS the merchant. The Play Store itself is only an intermediary. The system is setup like any other online store where there are "ordered" and goods are "shipped". Blame the fact that Google basically grafted the paid Android store onto a system that was meant for real-world goods.
Honestly though, this isn't news. Every Android developer has known this for YEARS. And this is no different than any other online store out there.
Apple does not give you a 1099-- you are the seller, and Apple is acting only as an intermediary. That being said, Apple does not share ANY of this information with publishers. Even magazine sellers via Newsstand on an iOS device can only receive customer information if the customer opts-in to it. Apple's profit model is to sell more devices, and keeping strict privacy guarantees for customers helps sell devices. Google's profit model is to sell advertising, so people expect far less protection from Android. But legally they're both intermediaries between the buyers and the sellers.
Re:Does not help with that (Score:3, Interesting)
When a support request comes in, you can ask "what email address do you use for your Google Play account" and move on from there.
What a great way to piss off customers. Good luck with that.
If they are asking you questions about your app pretty obviously they are users, therefore they should get help. It's called "customer service" and it pays off even if they did not pay for your app. A happy customer that didn't pay is still just as good at providing good worth of mouth for future sales.
Tell that to Redhat or any number of open-source companies that survive on charging for support on their otherwise free product.
That's a totally different case where obviously they live on support. Of course they are not going to help people for free.
No app (that I know) could possibly use support as a business model. It's a bad idea because the average user needing support means, hands down, that you failed in app design to build an app people can use.
App makers get money (currently) off ads or outright charging for the app. Either way they are better off just helping whoever asks, rather than turning people away and being miserly with advice.
The fact that you were modded up illustrates just why it's so easy for a smart app developer to make money these days, because all you have to do is build something decent and not be an asshole to your customers. That would seem to be a high bar indeed for many technical people.
Re:Counterpoint: Supporting your customers. (Score:4, Interesting)
I am not going to argue that this doesn't provide some legitimate value, for legitimate trustworthy developers. The problem is we can't assume that every developer is honest and trustworthy.
It is painfully obvious that there are applications out there that are trying to trick users into downloading a crap app. Some apps will have the exact same name as an iOS only app, with screenshots from the original app, but with fine print that it is only a "fan app".
I don't know what their intention is, but now that I know what their intentions is, but now that I know that develops can collect this kind of information, I wouldn't be surprised if their existed shady developers were releasing apps as honeypots to collect personal information.
There is no reason why Google could not create some kind of API to hash users so that a developer could only e-mail users by going through Google, and that abuses of contact information could be traced to a developer for disciplinary action.
Re:"Flaw"? (Score:4, Interesting)
How does Apple handle the local sales tax issue? If I sell an app to a customer in my state, I'm obligated to remit the correct sales *for that customer's location*. Does Apple graciously compute the correct tax for every little taxing district, and automatically add that to the app price? How do they report that to the developers, for their B&O tax returns?
Or are Apple app developers ignoring it and waiting to get slammed by the tax authorities?
Re:Seems legit (Score:4, Interesting)
Google processes the payment. They aren't the seller, and they have no responsibility to collect, or pay, sales taxes. Which is probably one of the reason Google uses that model for Google Checkout (including, but not limited to, sales from Google Play) rather than the retailer model.