Google Safe Browsing Extends to Android Apps Requiring User and Device Data

Posted December 05, 2017

Developers have been given 60 days to comply with what is described as an expansion of Google's existing Unwanted Software Policy. It applies to both Google Play and other app markets. That'll involve more strictly enforcing the company's unwanted software policy, which already demands that app developers be transparent with users when collecting their personal information.

Any apps that fail to display a custom privacy policy will find that their Play Store listing is slapped with a warning. Also, if these apps collect personal data unrelated to the functionality of the app - the developers must highlight this prior to collection and transmission, so the user knows how the data will be used. Inside Chrome, this alert will appear as a Safe Browsing error before the user gets to access a site hosting the infringing app. In case apps don't follow it, Google Play Protect will show a warning when such app tries to collect your personal data without notifying you.

This amounts to "clandestine surveillance software that is unknown to Android users at the time of app installation", Yale's Privacy Labs wrote in its report. Notably, these new guidelines will prevent apps from collecting user data which is not necessary.

The Safe Browsing team is giving developers 60 days to update their apps towards this direction.

Google says these new rules also apply to basic operations such as user data collection for analytics and crash reporting purposes, and not necessarily for personal data alone. The apps will be considered to violate Google's policy if they don't follow the rules for prominent disclosure.

Recent research by Yale University's Privacy Lab and Exodus Privacy showed that three quarters of Android apps contain trackers that collect user data for targeted advertising, to glean their locations, and to analyse behaviour. This will help to crack down on malicious apps, including those from third-party sources that would previously go unnoticed by the Safe Browsing service.