Sign in / up

back to article Google Play puts Android apps on notice: No naughty JavaScript, Python, Lua

Google's pending Play Store policy changes are bringing various privacy improvements – but also include a security enhancement and disclosure requirement that deserve mention. First, there's a specific ban on the deceptive use of interpreted languages like JavaScript, Python, and Lua. This is more of a refinement and …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    Firewall.

    User thinks they're giving *apps* permissions, but they're giving *companies* and their corporate allies and anyone that can fake their cert permission.

    As soon as you grant a permission, that data is slurped out of your device to corp. Even if you revoke the permission later, too late, your data is getting passed around and resold. The issue is a giant surveillance and marketing company being in charge of security on a connected device.

    It strikes me that Huawei, with its HarmonyOS, could incorporate a firewall, and make that a big selling point of its product..... bigger than 5G, where as others, with their Google Play contracts could not.

    Add a firewall to your devices Huawei, make it a big selling point in your marketing.

    Lemonade is a popular drink.

    6 0 Reply
    1. elsergiovolador Silver badge
      Reply Icon

      It strikes me that Huawei, with its HarmonyOS, could incorporate a firewall,

      Would you buy a Soviet satellite phone during a cold war to use for your day to day business?

      Come on...

      2 0 Reply
    2. Jamie Jones Silver badge
      Reply Icon
      Black Helicopters

      Android already needs specific permission to access the network.

      However, a while back, google modified the play store to grant that permission to all apps that request it, silently, without mentioning it to the user, and without any option for a user to revoke it.

      So, the code is already there, but Google chose to effectively disable it.

      Draw your own conclusions!

      https://developer.android.com/training/basics/network-ops/connecting

      0 0 Reply
  2. Dan 55 Silver badge
    Facepalm

    Wandavision Agnes Wink.jpg

    And remember advertising networks, no deceptive use of downloaded JavaScript, Python, and Lua downloaded at run-time!

    If your advertising library does download naughty scripts we'll come down on the developer like a tonne of bricks.

    As you were.

    2 0 Reply
    1. Paul Hovnanian Silver badge
      Reply Icon

      Re: Wandavision Agnes Wink.jpg

      Google reserves the sole right to stuff privacy violating scripts down your throat for its own services.

      Try turning JavaScript off and see how well Google stuff still runs.

      0 0 Reply
      1. RegGuy1
        Reply Icon

        Re: Wandavision Agnes Wink.jpg

        Don't use apps.

        But first install Firefox; then put on AdBlockPlus and No Script. Ok you have to approve your favourite websites, but No Script is easy (especially basic usage). Regularly delete all your cookies. That will add discontinuities to your history, and they'll have to do more work to re-connect the dots.

        Finally NEVER EVER EVER use chrome again.

        Or alternatively, roll over and take it like a man...

        2 1 Reply
        1. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: Wandavision Agnes Wink.jpg

          Lol. I suppose you also never drive down the freeway faster than 20mph, or leave the house without an armed escort, or talk to your neighbor's either?

          If you're not going to use the device, why own it?

          0 4 Reply
          1. MrMerrymaker
            Reply Icon

            Re: Wandavision Agnes Wink.jpg

            A troll-like comparison. I use my phone for MORE because I have more control.

            I've got root with adaway. Filtering DNS,and I can see what requests are made in real-time and block accordingly.

            YouTube Vanced for no ads. Blockada

            Sir, if you are saying blocking this ad crap is like driving a car 20mph down a motorway, I say you're sucking off Satan for decrying the blocking of snoops.

            Still. Here I am replying to a post made in sneeringly poor comparisons. You seem American.

            0 0 Reply
  3. heyrick Silver badge

    "Developers must provide accurate information related to personal or sensitive user data their apps collect, use, or share."

    Does this apply to Google as well as to everybody else?

    Given the GDPR requires "informed consent", please can everybody stop using the phrase "and our partners". They are not your partners, you're just happy to throw our data at them because they'll pay you something. Name all of them, what data is being shared with each, and why. Anything less and informed consent is simply not possible.

    Oh, and can we please have all this crap written in plain English rather than obfuscated within a pile of legalese that might not even be valid in my jurisdiction...not that we'd even know without legal advice from somebody actually qualified to read those many paragraphs and understand what all the phrases mean.

    15 0 Reply
    1. dajames
      Reply Icon

      Name all of them, what data is being shared with each, and why.

      No, don't do that. Life is too short and I can't be bothered to read it. Just stop giving our data to these people, or at least let me opt out (though GDPR says you shouldn't do it unless I opt in).

      2 0 Reply
  4. Jamie Jones Silver badge

    Ahhh, the Facebook philosophy

    Instead of actually removing the ability of apps to do bad things, just tell the authors not to be naughty, or else risk the wrath of a strongly worded letter, and a slap on the wrist.

    3 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like