Android users’ personal information made public via Google Play

Android_big_brother

Image: donthatethegeek.com

Have you purchased an app on your Android mobile recently? If so, your personal information—full name, zip code, and email address—may currently be in the hands of the third party developer who created that new app you love so much.

Australian app developer Dan Nolan recently posted on his blog that he, without realizing, had access to everyone’s personal information who had purchased his app through Google Play. Google Play, formerly known as the Android Market, is the main platform for purchasing apps on Android mobile and is maintained by Google.

And this treasure trove of personal information that Nolan stumbled upon isn’t simply a glitch in the system, nor is it new. In fact, all consumers who purchase apps on Google Play have their personal information sent to the app’s developer without their consent (no information is sent when downloading free apps). App developers get your email address, your suburb, and often your full name. 

Another developer, Jesse Wilson, posted an example of the information that Google Play makes available about app purchasers:

Google Play app purchaser info

Nolan became concerned upon seeing his app users’ detailed personal info in his Google Checkout dashboard. He thought the information could allow ill-intentioned developers to “track down and harass users who left negative reviews or refunded the app purchase.” His blog post condemned Google for this blatant invasion of privacy and urged Google to change their policy.

From a privacy standpoint, the personal information that is being shared is excessive and unexpected, but what seems more surprising is the lack of knowledge—from both the developers and consumers standpoint—that it’s happening. Google Play never explicitly asks consumers if they’re okay with sharing their personal information, and as Nolan’s reaction upon stumbling across this information shows, many developers are equally in the dark. If Google insists on relaying users’ personal information to developers, it should tell consumers up front when purchasing the app, preferably with the option to opt out.

Paid Android apps

If you’re an Android user and want to avoid third-party developers having access to your personal information, you do have options. There are non-Google alternatives for many Android apps, such as the Amazon Appstore for Android.

In comparison, with iOS, Apple is the merchant of the purchase records–not the developers. The only information that Apple sends to the developers is the number of sales in each country and a non-identified Apple ID number. If you’re really perturbed by Android developers getting your personal info, you may want to make the switch to iPhone…not that either mobile platform has a stellar record on user privacy.




3 comments shared on this article:

  • pogue says:

    The only problem with the Amazon appstore is that they are way delayed in issuing updates for apps downloaded from them. If there is a security flaw or a patch that needs to be applied, Amazon’s appstore might not post for weeks about apps being updated. The other concern I have about their appstore is that they don’t have much (if any) disclosure about their privacy or security either. Google Play scans for malware using their own internal engine. It’s not perfect, but better than nothing. Amazon, to my knowledge, has never commented about how they check or test apps and I have downloaded several from there that my AV has later flagged as having some nasty adware included with it. Finally, whose to say that the Amazon appstore isn’t passing this same info to their app developers? I haven’t read their privacy policy, but if you want to purchase something from the Amazon appstore, you have to give them all your information – including credit card data, EVEN if the app you’re downloading is free.

  • Lisa Mcfalls says:

    issue.s with hacking and user priavcy….use,s priavcy rights

    • mike says:

      I think GOOGLE is a crock a (beep)andI knew it right from the gitgo’I live in a particular area where they just recently opened a huge ground sattelite grouhnd relay station and now the citys kissing there behind in my neighborhood next to missouri river ican see omaha from my backyard tired off the nosiness and i hope someone with a grip of money takes them out.So there.HA HA

Leave a Reply

Your email address will not be published.

Comment

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>