February 17, 2013
With the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase. The problems on android of app permissions (and subsequent potential for malware aside) is one of active negative behaviour on the part of an app developer.In conclusion, he says: “This is a massive, massive privacy issue Google. Fix it. Immediately.”
The detailsThe reason this issue has upset privacy experts, and probably quite a few Google Play users too, is that Google doesn’t implicitly mention to users that these types of data transactions are occurring. For example, within the policy, Google states:
We will share personal information with companies, organizations or individuals outside of Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.This sounds about right, if it actually covered information such as email, city location, etc. Instead, this “sensitive personal information” refers to “confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality.” The only place in the policy where Google does mention that a user’s email and mailing address may be shared with others is when magazine subscriptions are referenced. Here, Google states:
If you purchase a subscription of any length on Magazines on Google Play, Google will share your name, email address, mailing address and a unique identifier with the magazine’s publisher.