Developers have been given 60 days to comply with what is described as an expansion of Google's existing Unwanted Software Policy. It applies to both Google Play and other app markets. That'll involve more strictly enforcing the company's unwanted software policy, which already demands that app developers be transparent with users when collecting their personal information.
This amounts to "clandestine surveillance software that is unknown to Android users at the time of app installation", Yale's Privacy Labs wrote in its report. Notably, these new guidelines will prevent apps from collecting user data which is not necessary.
The Safe Browsing team is giving developers 60 days to update their apps towards this direction.
Google says these new rules also apply to basic operations such as user data collection for analytics and crash reporting purposes, and not necessarily for personal data alone. The apps will be considered to violate Google's policy if they don't follow the rules for prominent disclosure.
Recent research by Yale University's Privacy Lab and Exodus Privacy showed that three quarters of Android apps contain trackers that collect user data for targeted advertising, to glean their locations, and to analyse behaviour. This will help to crack down on malicious apps, including those from third-party sources that would previously go unnoticed by the Safe Browsing service.