Google Will Require That Android Apps Let You Delete Your Account and Data (engadget.com) 42
Google wants to make it as easy to scrub an app account as it is to create one. The company has announced that Android apps on the Play Store will soon have to let you delete an account and its data both inside the app and on the web. Developers will also have to wipe data for an account when users ask to delete the account entirely. From a report: The move is meant to "better educate" users on the control they have over their data, and to foster trust in both apps and the Play Store at large. It also provides more flexibility. You can delete certain data (such as your uploaded content) without having to completely erase your account, Google says. The web requirement also ensures that you won't have to reinstall an app just to purge your info. The policy is taking effect in stages. Creators have until December 7th to answer questions about data deletion in their app's safety form. Store listings will start showing the changes in early 2024. Developers can file for an extension until May 31st of next year.
I wonder (Score:4, Insightful)
Re:I wonder (Score:5, Informative)
Yes, deleting your Google account and data is trivially easy. You can even download a gzip of all of your data before you do it.
Re: I wonder (Score:2, Interesting)
Re: I wonder (Score:4, Informative)
Aptoide is your friend
F-Droid is your friend. A lot of stuff on there is a bit dated, but at least it has decent search capability. I just visited the Aptoide site, and its search function seems pretty much useless unless you're searching for a specific app name.
Re: I wonder (Score:5, Insightful)
I use GrapheneOS, which is an Android fork, and it doesn't have any knowledge of my Google account. I could be wrong but I don't think there's anything inherent to Android itself that actually cares, Google Play is another matter. I think it's more accurate to say "Good luck using a phone with Google Play without an account."
Re: (Score:2)
Aurora + FakeStore = Google Play withut Google
Re: (Score:2)
It's worse. Most apps assume presence of Google Play and use it for things like notifications.
Misconfigure access rights for Google Play on GrapheneOS, and your notifications either don't work at all, or work intermittently.
Re: (Score:2)
There's a ROM, LineageOS for MicroG [microg.org], which provides a preconfigured no-Google version of Android. I've never had any problems with anything I've tried to run using that.
Re: (Score:2)
You actually use Google Play for that on GrapheneOS, and then you fine tune permissions (there's a guide on it) so it gets just enough permissions to reliably deliver notifications.
It's a well documented problem. Basically pretty much all software (even from places like F-Droid) expects Google Play framework to be present and running with system level permissions, and rely on that for delivering notifications to the user. So installing Google Play on GrapheneOS with default permissions means it will have te
Re: (Score:2)
No notifications? Where do I sign up!?
Look, I would never suggest that the average every day smart phone user consider installing a different OS on their phone and trying to go without Google Play. Just like I wouldn't have recommended that my mother switch to Linux in the 90s / early 00s.
For me, personally, I went GrapheneOS in large part to de-Google + de-bloatware + de-spyware my phone and to take control of something that *I* OWN.
I've never been much of a smart phone user or "fan." Despite being a very
Re: (Score:3)
Except that notifications are something you have on dumb phones. In fact, they're so useful they were on more expensive PSTN wired phones when transistors became cheap enough.
I'm not talking about some random shit. I'm talking about notifications that you missed a phone call not showing up. Notifications that you have text messages from starred contacts not showing up. Because all that expects presence of Google Play with system level permissions.
Which is why on GrapheneOS, you have to fine tune permissions
Re: (Score:2)
The only issue is that there aren't yet open source replacements for all Google services. For example, there is no equivalent of the activities API. That API can tell an app when you are stationary, walking, or in a vehicle. It's very useful for a whole variety of things, including build an efficient GPS logger.
When stationary there is no need to log. When walking every 30 seconds is fine, when in a vehicle every 5 seconds is desirable. The open source GPSLogger app used to support it, but the feature was r
Re: (Score:2)
Re:I wonder (Score:5, Insightful)
Is it really deleted or just marked deleted and so not available to you any more but visible to the Google profile building software ?
Re:I wonder (Score:5, Interesting)
I think that would be a GDPR violation in Europe. These things have been famous for getting billion-dollar fines. So unless they are really evil and like your data so much to risk such a fine, my experience with big corp is that being compliant is generally the rule
Re: (Score:2)
Meh. Laws only matter if they are enforced and offenders get caught. Once something is copied from my computer, I don't control it anymore.
I'll stick to not using their garbage in the fist place. Not owning a smartphone is getting harder every day, but it's still possible.
Re: (Score:2)
And I would agree with that strategy, I'm just saying that, as someone working in enterprises and dealing with the compliancy bullshit all day long, that it is not very likely scenario.
Re: (Score:3)
Re: (Score:2)
Google doesn't sell your personal data. That would be insane, because it's what makes their advertising services so valuable. If anyone else had access to it they would just be creating competition for themselves.
Re: (Score:2)
Re: (Score:2)
Is it really deleted or just marked deleted and so not available to you any more but visible to the Google profile building software ?
Could someone remind me of why Android is so evangelized around here?
Re:I wonder (Score:4, Funny)
It does.
If you go to your Google account settings, find the section on "Data & Privacy", you will see an option to "Delete Your Google Account". If you select that, you will see a message that says that continuing will delete all your Google data.
Re:I wonder (Score:5, Insightful)
It does.
If you go to your Google account settings, find the section on "Data & Privacy", you will see an option to "Delete Your Google Account". If you select that, you will see a message that says that continuing will delete all your Google data.
Yup, Google's pinky swear is good enough for me! It's not as though they'd ever lie about such a thing...
Re: (Score:3)
You can also set up a dead man's switch for your account.
Go to your Google Account page, Data & Privacy, and then look for "Make a plan for your digital legacy" near the bottom of the page. You can set it to auto-delete your account if you don't log in or unlock any logged in devices for a certain period of time.
Looks like stock trading/crypto apps ban coming (Score:5, Interesting)
Even if you call the company, They have stated to me that they cannot delete the account because of regulations requiring them to keep that info for tax reasons. I am assuming they were not lying but they could have been I guess. Deleting all of the data would remove traceability.
Retention for regulatory compliance is allowed (Score:4, Informative)
The featured article links to "Giving Users More Transparency and Control Over Account Data" on Android Developers Blog [googleblog.com], which states:
It also links to "Understanding Google Play’s app account deletion requirements" [google.com], which states:
Re: (Score:3)
Please note if your app falls within a highly regulated industry (such as utilities, healthcare, financial services), it is permissible if you need to provide additional flows to facilitate account deletion requests to completion.
It shouldn't even be *possible* to delete a stock trading account that still has stocks in it, or a bank account that still has money in it. And it probably shouldn't be *too* easy to delete any account irrevocably. Otherwise, it could also be easy for a malicious person to delete someone *else's* account irrevocably.
For account deletion to be acceptable to users, there must be a grace period after deletion before the data goes away forever, and that grace period must be long enough for the owner of an ac
Re: (Score:2)
Since it is required to use googles oAuth to identify and authenticate the account in the first place, this means by necessity the "identification" component is linked directly to a google account, nearly all of which are directly tied to an email address named after the same.
Ah, so the summary is a bit too summarized then (or else I missed something). If this policy is specific to apps that use Google authentication (as opposed to all accounts, period, which is how I read the summary), then yes, any privacy concerns from them having to know your Google account are entirely moot, because they already do.
Re: (Score:2)
THehy "Say" it will be deleted (Score:2)
Re: (Score:2)
Re: (Score:2)
Nothing but posturing (Score:3)
Re: (Score:2)
The deletion would take effect in backups as each backup is rotated out of service. Deletion would also add the account to a list of deleted accounts, which any subsequent restoration would exclude and which Google allows apps to keep for regulatory compliance.
Re: (Score:2)
GDPR recognizes that backups are different to live data. It is permissible for a company to delete live data, and wait for backups to expire. They aren't allowed to restore that backed up data for which a delete request has been made, unless there are exceptional circumstances. Saying "we didn't back up the deletion request so can't re-apply it after restoring from a catastrophic failure" probably wouldn't fly, although I don't think it has been tested yet.
Obviously if you live in the US you are probably SO
Sure, I believe that (Score:5, Insightful)
First we had "security theatre". Now we have privacy theatre as well.
Better late than never... (Score:3)
It happens upon occasion (Score:2)
Even supervillains will occasionally do the right thing, even if its only to further their plans for world domination