"will help people understand the data an app collects or shares"
[X] KITCHEN SINK
Google has decided the time has come to require app developers to disclose the data their wares collect, and their security practices, in their Play Store listings. The data-harvesting ad giant on Thursday detailed plans to create a “safety section in Google Play” that it says “will help people understand the data an app …
The primary problem developers face with this is we have little option but to use Andriod API in some form.
Google refuse to tell anyone exactly what their own code gets up to (the propriatory bits) + then decides its all the developers problem to resolve.
So where exactly is say Google Admob list of data items it slurps so we have half a chance of making a decision if such an SDK component is acceptable in our apps.
Or Google IAP Billing slurpage
So devs who do this responsibly will end up with a scarey list, while the bad actors claim thir apps are nice and clean.
Wait 5 years before it obviosuly fails and needs to be tightened up, aka +5 free years of the wild west.
"The Register wonders if Google has actually met some of those developers..."
I'm an Android app developer (among other things) and I welcome this change. As both a developer and a user, privacy and control over your own data is very important to me. I'd like to see it enforced much sooner than 18 months and don't see why it can't be done in 3 - 6 months.
When I read the Android blog post yesterday I smiled because it will make my apps look better than the competition.
What I would really like is the ability, whenever an app wants permissions to access my contacts, location, message history or whatever, then instead of just denying it, to give it access to an inexhaustible supply of procedurally-generated, bogus information; but which would be indistinguible, as far as the app were concerned, from real personal data.
Why? Isn't it better to require apps to function properly when that info is withheld rather than give them an excuse to malfunction because you are feeding them bogus info with no way for them to know the difference?
Imagine a weather app that will show current conditions at the location you currently are at. You click the "give it bogus info" option and your weather app opens up to Auckland one day, Sao Paulo the next, then Novosibirsk...
Clearly it would not be appropriate to use that setting for a weather app, that does not make the function a bad suggestion.
The gallery app on my phone wants access to my location - why? All I want the gallery app to do is display photos stored on my phone. So it is denied.
The Seek Thermal app demands location, I do not want Seek knowing where I am nor do I want my thermal photos geotagged but I if I block the permission the app will not run. So I use a developer setting to set a false location. But if I need another app to know my location I have to disable that for all applications.
What if another app refused to work if your location looked false? Yeah I'd just uninstall it and manage without whatever function I lost but some people seem unable to do that.
I would like to be able, per app, to set location to:
[ ] Permit once
[ ] Permit
[ ] Fixed random false location
[ ] Fixed location set by user
[ ] Genuine looking movement in random region
[ ] Used defined path
The last of these would spell out the words 'Fuck off' around the streets of some city I plan to never visit.
Same goes for all other settings that have the potential to be personal data, give me a range of options per application.
“Developers agree that people should have transparency and control over their data,”
Erm, the good guys might but what about all the others... like big G themselves, FaceBonk, Idiotgram, Twatter. What about those who 'agree' but then bury the options at the bottom of a filing cabinet in a disused toilet with a 'Beware of the Leopard' sign on the door.
"The app’s safety section is verified by an independent third-party [...] Developers will be responsible for writing their own disclosures."
Is this included in the free developer account? Do we have to find a service? Is there one, or many? Is there a list of allowed third-parties?
Without those answers, this actually reduces my feeling of security using the play store. It makes it feel like theatre, which makes me wonder what I'm being distracted from.
Also, it's just more noise to parse when making a decision. I'd rather an authoritative review outlining, simply, what is going on. Google can afford to do that, and should.
Biting the hand that feeds IT © 1998–2021