Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Android Google Privacy

Google Will Require That Android Apps Let You Delete Your Account and Data (engadget.com) 42

Google wants to make it as easy to scrub an app account as it is to create one. The company has announced that Android apps on the Play Store will soon have to let you delete an account and its data both inside the app and on the web. Developers will also have to wipe data for an account when users ask to delete the account entirely. From a report: The move is meant to "better educate" users on the control they have over their data, and to foster trust in both apps and the Play Store at large. It also provides more flexibility. You can delete certain data (such as your uploaded content) without having to completely erase your account, Google says. The web requirement also ensures that you won't have to reinstall an app just to purge your info. The policy is taking effect in stages. Creators have until December 7th to answer questions about data deletion in their app's safety form. Store listings will start showing the changes in early 2024. Developers can file for an extension until May 31st of next year.
This discussion has been archived. No new comments can be posted.

Google Will Require That Android Apps Let You Delete Your Account and Data

Comments Filter:
  • I wonder (Score:4, Insightful)

    by alvinrod ( 889928 ) on Wednesday April 05, 2023 @01:45PM (#63428298)
    Does Google make it this easy for their users to delete their accounts and all of the data that Google has? I suspect that they just don't want to make it possible for anyone else to built up the kind of data horde that they've amassed.
    • Re:I wonder (Score:5, Informative)

      by EmagGeek ( 574360 ) on Wednesday April 05, 2023 @01:52PM (#63428316) Journal

      Yes, deleting your Google account and data is trivially easy. You can even download a gzip of all of your data before you do it.

      • Good luck using an Android phone without a Google account tho. You are locked in, and Google doesn't want competitors.
        • Re: I wonder (Score:5, Insightful)

          by garett_spencley ( 193892 ) on Wednesday April 05, 2023 @02:22PM (#63428432) Journal

          I use GrapheneOS, which is an Android fork, and it doesn't have any knowledge of my Google account. I could be wrong but I don't think there's anything inherent to Android itself that actually cares, Google Play is another matter. I think it's more accurate to say "Good luck using a phone with Google Play without an account."

          • by UpnAtom ( 551727 )

            Aurora + FakeStore = Google Play withut Google

          • by Luckyo ( 1726890 )

            It's worse. Most apps assume presence of Google Play and use it for things like notifications.

            Misconfigure access rights for Google Play on GrapheneOS, and your notifications either don't work at all, or work intermittently.

            • You use microG for that. Seems to work very well for me, though I don't use notifications so I suppose that I can't verify that they work perfectly. I do still get notifications, until I get around to turning them off.

              There's a ROM, LineageOS for MicroG [microg.org], which provides a preconfigured no-Google version of Android. I've never had any problems with anything I've tried to run using that.
              • by Luckyo ( 1726890 )

                You actually use Google Play for that on GrapheneOS, and then you fine tune permissions (there's a guide on it) so it gets just enough permissions to reliably deliver notifications.

                It's a well documented problem. Basically pretty much all software (even from places like F-Droid) expects Google Play framework to be present and running with system level permissions, and rely on that for delivering notifications to the user. So installing Google Play on GrapheneOS with default permissions means it will have te

            • No notifications? Where do I sign up!?

              Look, I would never suggest that the average every day smart phone user consider installing a different OS on their phone and trying to go without Google Play. Just like I wouldn't have recommended that my mother switch to Linux in the 90s / early 00s.

              For me, personally, I went GrapheneOS in large part to de-Google + de-bloatware + de-spyware my phone and to take control of something that *I* OWN.

              I've never been much of a smart phone user or "fan." Despite being a very

              • by Luckyo ( 1726890 )

                Except that notifications are something you have on dumb phones. In fact, they're so useful they were on more expensive PSTN wired phones when transistors became cheap enough.

                I'm not talking about some random shit. I'm talking about notifications that you missed a phone call not showing up. Notifications that you have text messages from starred contacts not showing up. Because all that expects presence of Google Play with system level permissions.

                Which is why on GrapheneOS, you have to fine tune permissions

          • by AmiMoJo ( 196126 )

            The only issue is that there aren't yet open source replacements for all Google services. For example, there is no equivalent of the activities API. That API can tell an app when you are stationary, walking, or in a vehicle. It's very useful for a whole variety of things, including build an efficient GPS logger.

            When stationary there is no need to log. When walking every 30 seconds is fine, when in a vehicle every 5 seconds is desirable. The open source GPSLogger app used to support it, but the feature was r

          • I'm on my second phone without Google account, getting software via F-Droid and Aurora. Galaxy S22, and everything including various banking apps is perfectly functional. Well, one of the banks failed (Credit Suisse), but I don't think that has to do with my reluctance to connect my phone to a Google account...
      • Re:I wonder (Score:5, Insightful)

        by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Wednesday April 05, 2023 @02:06PM (#63428368) Homepage

        Is it really deleted or just marked deleted and so not available to you any more but visible to the Google profile building software ?

        • Re:I wonder (Score:5, Interesting)

          by Ubi_NL ( 313657 ) <joris.benschopNO@SPAMgmail.com> on Wednesday April 05, 2023 @03:21PM (#63428598) Journal

          I think that would be a GDPR violation in Europe. These things have been famous for getting billion-dollar fines. So unless they are really evil and like your data so much to risk such a fine, my experience with big corp is that being compliant is generally the rule

          • Meh. Laws only matter if they are enforced and offenders get caught. Once something is copied from my computer, I don't control it anymore.

            I'll stick to not using their garbage in the fist place. Not owning a smartphone is getting harder every day, but it's still possible.

            • by Ubi_NL ( 313657 )

              And I would agree with that strategy, I'm just saying that, as someone working in enterprises and dealing with the compliancy bullshit all day long, that it is not very likely scenario.

        • I wonder which copy they will delete? The one that exists on their server at the time that you give the command or also all the other versions that were sold on a regular basis and now reside in hundreds of places? I'm guessing the version on their server when you issue the command.
          • by AmiMoJo ( 196126 )

            Google doesn't sell your personal data. That would be insane, because it's what makes their advertising services so valuable. If anyone else had access to it they would just be creating competition for themselves.

        • Is it really deleted or just marked deleted and so not available to you any more but visible to the Google profile building software ?

          Could someone remind me of why Android is so evangelized around here?

    • Re:I wonder (Score:4, Funny)

      by dirc ( 254647 ) on Wednesday April 05, 2023 @01:53PM (#63428320) Homepage

      It does.

      If you go to your Google account settings, find the section on "Data & Privacy", you will see an option to "Delete Your Google Account". If you select that, you will see a message that says that continuing will delete all your Google data.

      • Re:I wonder (Score:5, Insightful)

        by jenningsthecat ( 1525947 ) on Wednesday April 05, 2023 @03:07PM (#63428570)

        It does.

        If you go to your Google account settings, find the section on "Data & Privacy", you will see an option to "Delete Your Google Account". If you select that, you will see a message that says that continuing will delete all your Google data.

        Yup, Google's pinky swear is good enough for me! It's not as though they'd ever lie about such a thing...

      • by AmiMoJo ( 196126 )

        You can also set up a dead man's switch for your account.

        Go to your Google Account page, Data & Privacy, and then look for "Make a plan for your digital legacy" near the bottom of the page. You can set it to auto-delete your account if you don't log in or unlock any logged in devices for a certain period of time.

  • by 0x537461746943 ( 781157 ) on Wednesday April 05, 2023 @02:00PM (#63428348)

    Even if you call the company, They have stated to me that they cannot delete the account because of regulations requiring them to keep that info for tax reasons. I am assuming they were not lying but they could have been I guess. Deleting all of the data would remove traceability.

    • The featured article links to "Giving Users More Transparency and Control Over Account Data" on Android Developers Blog [googleblog.com], which states:

      For developers that need to retain certain data for legitimate reasons such as security, fraud prevention, or regulatory compliance, you must clearly disclose those data retention practices.

      It also links to "Understanding Google Play’s app account deletion requirements" [google.com], which states:

      Please note if your app falls within a highly regulated industry (such as utilities, healthcare, financial services), it is permissible if you need to provide additional flows to facilitate account deletion requests to completion.
      [...]
      It is possible that your app may need to retain certain data for legitimate reasons such as security, fraud prevention or regulatory compliance. In that case, you must clearly inform users about your data retention practices, for example, within your privacy policy.

      • by dgatwood ( 11270 )

        Please note if your app falls within a highly regulated industry (such as utilities, healthcare, financial services), it is permissible if you need to provide additional flows to facilitate account deletion requests to completion.

        It shouldn't even be *possible* to delete a stock trading account that still has stocks in it, or a bank account that still has money in it. And it probably shouldn't be *too* easy to delete any account irrevocably. Otherwise, it could also be easy for a malicious person to delete someone *else's* account irrevocably.

        For account deletion to be acceptable to users, there must be a grace period after deletion before the data goes away forever, and that grace period must be long enough for the owner of an ac

    • Perhaps they'll just delete your account data but not financial stuff related to your person?
  • But we all know it won't. Because Google and every company is evil and every action they take is dumb and wrong. There is literally no good in the world, any news you think is good is just a scam/lie to placate you.
  • by Artem S. Tashkinov ( 764309 ) on Wednesday April 05, 2023 @02:41PM (#63428510) Homepage
    This could only work if app developers never created backups but many do. What then?
    • by tepples ( 727027 )

      The deletion would take effect in backups as each backup is rotated out of service. Deletion would also add the account to a list of deleted accounts, which any subsequent restoration would exclude and which Google allows apps to keep for regulatory compliance.

    • by AmiMoJo ( 196126 )

      GDPR recognizes that backups are different to live data. It is permissible for a company to delete live data, and wait for backups to expire. They aren't allowed to restore that backed up data for which a delete request has been made, unless there are exceptional circumstances. Saying "we didn't back up the deletion request so can't re-apply it after restoring from a catastrophic failure" probably wouldn't fly, although I don't think it has been tested yet.

      Obviously if you live in the US you are probably SO

  • by jenningsthecat ( 1525947 ) on Wednesday April 05, 2023 @03:10PM (#63428576)

    First we had "security theatre". Now we have privacy theatre as well.

  • by teg ( 97890 ) on Wednesday April 05, 2023 @04:05PM (#63428702)
    Apple required this almost a year ago - originally scheduled for Jan 31st 2022 [macworld.com], the policy was postponed until June 30th 2022 [9to5mac.com].
  • Even supervillains will occasionally do the right thing, even if its only to further their plans for world domination

Beware of all enterprises that require new clothes, and not rather a new wearer of clothes. -- Henry David Thoreau

Working...