google

Google is rolling out a new Data Safety section on the Play Store, Android’s official app repository, where developers must declare what data their software collects from users of their apps.

This will be like a privacy label giving users crucial information at a glance, which should be enough to help them decide if they would like to proceed with the installation.

App declaring what data it collects
App declaring what data it collects
(Google)

Not only will developers declare what data they collect, but also what data they share with third parties, essentially disclosing the purpose behind the collection.

If the user wants to learn more about a particular entry, tapping on the corresponding item will collapse the menu to reveal more information on what is collected or shared.

Viewing details on the shared data section
Viewing details on the shared data section
(Google)

The third pillar of the Data Safety section will be the app’s security practices, which describe the security mechanisms employed to protect the collected data, like the MASVS standard.

This third section also clarifies whether users are given the option to ask for the deletion of their data at any time.

Finally, Data Safety will specify if the app follows Google Play Families Policy, which is geared toward children’s protection.

Google is rolling out the new Data Safety section gradually so that Android users won’t see this new section immediately but over the next couple of weeks.

Developers can begin declaring how collected data is used starting today, with the deadline to complete their submissions being July 20th, 2022.

Google told BleepingComputer that developers would provide this information themselves, which Google will not confirm. However, if it is discovered that a developer has misrepresented their data use disclosures, they will be required to fix the provided information.

Failure to do so would lead to policy violations, leading to the suspension of the app in the Google Play Store.

For more information on the new system, what it includes, and how it works, check out Google’s support page.

Replacing a bad system

Up until now, Android apps on the Play Store had to list a link to their Privacy Policy under the “Additional Information” section and provide a contact email.

Since this privacy policy is hosted on an external location, it’s subject to modifications, might be vague, may not disclose all the crucial details about data collection and protection, and may even lead to a broken link.

Current way to access data collection info
Current way to access data collection info (Play Store)

Moreover, since reading large texts of legal jargon isn’t exactly what users look forward to when browsing the Google Play Store for new apps, almost nobody checks these.

Finally, due to the practical difficulties arising from the above, it has been impossible for Google to validate that apps respect the terms presented in their privacy policies.

Data Safety gives users a clear understanding of what happens with their data without requiring them to spend time digging into sections, while it also empowers Google with enforcement.

Catching up

While Google’s move is beneficial to Android users, a similar feature called ‘Privacy Nutrition Labels‘ was already introduced by Apple in 2020.

Apple TV summary of data collection
Apple TV’s summary of data collection (Apple)

This is another case where competition in the mobile OS space has brought positive developments, giving users more insight and control over how their data are handled by the various software that runs on their smartphones.

With the large amount of scam apps, malware, and usury apps found on Google Play, this new Data Safety section will not only be useful for Android users, but also allows Google to find policy violators more quickly.

Source: www.bleepingcomputer.com