Google Play's App Listings Will Require Privacy Info Next Year, Just Like the App Store

Starting next year, apps on Google Play will show details about what data they collect, as well as other information about their privacy and security practices, in a new safety section in their listing. From a report: The announcement comes just a few months after Apple started displaying similar privacy information in the App Store. In the same way Apple's policy covers both its own apps and those developed by third parties, Google says its first-party apps will also be required to provide this information. According to Google, the initiative is meant to "help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security." The section will detail what user data an app has access to (like location, contacts, or personal info like an email address), but Google says it also wants to let developers give context to explain how it's used and what it means for their apps' functionality.

In particular, Google says apps will give information about whether data is encrypted, whether they comply with Google's policies around apps aimed at children, and whether users can opt out of data sharing. Google says the information will also highlight whether a third party has verified the app's safety section, and whether users can request that their data be deleted. The new policy won't come into effect for several months, and Google says this should give developers enough time to implement the changes.

Well it is a good start..

[luvirini]

.. but the basic problem is the android system that tracks absolutely everything you do.

Re:Well it is a good start..

[JohnnyMindcrime]

Correction. The Google Android system (containing Google Apps) tracks everything you do.

The AOSP-based Android system with no Google Apps installed tracks nothing by default - there is no Google Play Services layer in it to initiate that tracking.

If you install Graphene or Lineage OS, you don't even log into the phone with an identity - which you always have to do with a Google Android phone.

Re:

[WaffleMonster]

The AOSP-based Android system with no Google Apps installed tracks nothing by default - there is no Google Play Services layer in it to initiate that tracking.

If you install Graphene or Lineage OS, you don't even log into the phone with an identity - which you always have to do with a Google Android phone.

One still has to be careful with configuration to avoid Google. LineageOS comes with tcpdump which is useful for collecting data over time to detect any unexpected leakage.

A by no means exhaustive list:

Google caller lookup hooks enabled in the phone apps.
GPS use of Google SUPL
Use of Google WiFi/Bluetooth location crowdsourcing when enabled in location
Google NTP servers
Google DNS servers
Google NLA network status servers
Web browsers that call home to Google
Webview should always be firewalled or replaced

Re: Well it is a good start..

[BAReFO0t]

How about a basic whitelisting firewall.

Like with a thing that asks "Do you trust $entities_the_data_goes_to?". And a way to optionally pick presets during the initial configuration of the phone, so that first wave of annoyances is already cleared.
Also, some exception can be added, whenever it is very clear that it was the intent of the user, and not some not fully trusted code launching it automatically or something that misleads one.

Since everything on my phone always and without exception goes to my home

Re:

[JohnnyMindcrime]

AOSP does a lot of that stuff already. Privacy Guard is built in and lets you control on an app-by-app basis what each one can do and has access to - but that's things like "access to contacts", "access to make phone calls", etc. etc.

I personally don't care about allowing data access to entities, I simply want to block them all from taking my data from the phone. But I should also add that I don't treat phones and tablets as anything more than "convenient toys" that I make phone calls on, do a few texts, a

Re:Well [Safety Section] is a good start..

[shanen]

Surprisingly good FP, though it's hard to figure out what the scope of your "it" is supposed to be.

My take is that the idea of a "Safety Section" is a good step. However, it is something that should have been considered and included from the git-go. That the google is only adding it now is additional evidence of how EVIL the google has become.

However I think a much better step would be a "Financial Model Section" to reveal where the money is. First step in investigating any professional crime is to follow t

What about third parties

[Rosco P. Coltrane]

Okay so I install that 1st party app that Google assures me cross-their-heart-and-hope-to-die uses encryption and respects my privacy, and the publisher - including Google itself - turns around and sell the data to every Dick, Tom and Vladimir on the internet. Because that's what happens, otherwise where does their income comes from?

So what's new here apart from a false sense of security?

Re:

[JohnnyMindcrime]

Absolutely nothing. Google don't want you installing a Google-free Android build on your device, that's the reason they are using this "flowery language" now.

Re: What about third parties

[BAReFO0t]

That's not income. You are describing organized crime.

Yeah, we say that is organized crime now. It's new but it's a thing now.

Got anything of any worth whatsoever? Then just ask for the amount of money that it is worth. By definition, you will be paid. Otherwise, fuck off and die; you've literally proven that you are defrauding people with worthless crap, on top of stealing their data without their consent, which is literally a crime since the GDPR, at least here.

They wanted a free market, they said. They d

Nothing about trackers?

[JohnnyMindcrime]

The Aurora Store app that can be downloaded from the Android F-Droid repository allows anonymous access to any free apps in the Google Play Store. When you use it to search for an app in the Play Store, it shows how many trackers are built into each app and the name of the trackers - of course, most of them are owned by Google.

This is probably the most important piece of information you need when it comes to security and privacy, yet no mention of Google themselves giving you that information.

It's a moot point anyway - if you run an AOSP-based Android build with no Google Apps on it, then Google can't track you anyway, and if you stick to Open Source apps anyway, there's no likelihood of any data being stolen.

So just don't use Google Android in the first place.

Re:

[AmiMoJo]

The biggest thing Android could do to improve privacy is to make the internet access permission optional. Most of my apps don't need internet access and should not have it.

You can do it with third party firewalls or if your phone is rooted/running and different distro, but it should really be standard in Android.

Boilerplate

[fluffernutter]

My boilerplate privacy statement does nothing to make my app more secure.

Re: Boilerplate

[BAReFO0t]

Are you confusing security and privacy?
Because they are often opposites too.

It's about influencing the market into a better world.
Of course it hinges on people actually reading signs.
And judging by how many completely missed the big fat warning that you need a shopping cart to enter the supermarket, which *literally* blocked half the door and had red letters bigger than your head, I'd say they chose to literally not be people, but something between mindless automatons, zombies and drones, in a permanent wal

Just anticipating the law.

[BAReFO0t]

It is or will be kinda law in many countries over the next years. So this is more of a regulation-avoidance scheme (that won't work, because the avalanche has already started and momentum is too great).

It will be funny when *they* themselves have to declare everything in big great warning signs. :)

Regulation is necessary

[gr8dude]

This is a good idea, but regulation is necessary to make it work.

We have a solution from Apple, and one from Google - they're different, but these things should be presented to users in a consistent format, like "nutrition facts" labels.

Another concern is the lack of regulation around it - what happens if a program violates the declared rules? They're going to get kicked off the play|app store, and that's it? There must be more serious consequences, otherwise there's no incentive to change your practices.

I

Subject

[KevinHayes]

Yes, I read that this is necessary in order to understand what data the application collects or transmits, whether this data is safe, as well as additional information that affects privacy and security. writemyessay [writemyessay.onl]