Google Play privacy SNAFU sends app buyers' details to devs

Dan Nolan, an Australian software developer, has claimed that Google Play sends those who sell apps in the online bazaar personal details of app buyers. Nolan rose to notoriety late in 2012 by launching "The Paul Keating Insult Generator". Keating was Prime Minister of Australia between 1991 and 1996 and had a famously acid …

COMMENTS

This topic is closed for new posts.
  1. Doozerboy
    Trollface

    Privacy, schmivacy

    Privacy is dead, get over it

    1. countd
      Facepalm

      Re: Privacy, schmivacy

      And Doozerboy is your real name, presumably?

    2. Anonymous Coward
      Anonymous Coward

      Re: Privacy, schmivacy

      Yeah Doozerboy publish your genuine name, address, telephone number and email address if you really don't care.

      1. Doozerboy

        Re: Privacy, schmivacy

        I guess adding a troll icon next to the quote isn't obvious enough to you guys.

  2. El Presidente
    FAIL

    Permissions probably

    Buried alongside the clause to sign over your daughter in the 136 paragraph ream of impenetrable legalese you click 'yes' to whenever you're faced with losing seven hours of your life in order to use a simple app. Probably.

    1. Graham Marsden
      Devil

      Re: Permissions probably

      Not forgetting that that legalese is most likely presented in a tiny little window that shows about four lines making it virtually unreadable and meaning you have to scroll manually through it.

      Not that they'd do that deliberately so you'll just click on "I accept" of course...

  3. John Tserkezis

    You're not paranoid if they really ARE out to get you.

    I've always avoided Google Play, I get my APKs via other means.

    See? I wasn't crazy after all.

    1. HollyHopDrive
      Pirate

      Re: You're not paranoid if they really ARE out to get you.

      @John Tserkezis - So is your attitude not the same as ....

      I've never bought a TV from a shop, I always get my TVs down the pub. Now it turns out that Currys pass your details on to the TV licensing people. It turns out I wasn't crazy.

      So, where to start. Not paying for paid apps is theft. It hurts the developer and in turn hurts the Android ecosystem. Which means people will give up developing for Android and we will be forced into having to use iPhones. And most worrying you seem to be a smug git about it when you should feel nothing but embarrassment. Also, I can't believe you think those APKs from the torrent/piratebay/usenet aren't extra tainted with malware.

      1. dotdavid

        Re: You're not paranoid if they really ARE out to get you.

        "Not paying for paid apps is theft"

        Indeed, but the OP didn't say he was thieving - he might have been using Amazon's app store, as that company is a shining beacon of privacy good practice *cough* or one of the other legit Android markets.

      2. S4qFBxkFFg

        Re: You're not paranoid if they really ARE out to get you.

        (what dotdavid said)

        Also, there was no suggestion it's paid for apps he's talking about - for most things you can get by with free.

      3. NumptyScrub
        Trollface

        Re: You're not paranoid if they really ARE out to get you.

        quote: "Not paying for paid apps is theft. It hurts the developer and in turn hurts the Android eco system."

        Technically correct, assuming that the apks they are talking about are those of paid apps (that's why freemium is so rampant in Android, the app itself is free anyway, and it's far more difficult to get round the in-app system). However the comment itself could be likened to:

        "Not handing yourself over for exceeding the speed limit is a crime. The loss of fine revenue hurts the police force / government and in turn hurts the country."

        Nice straw man huh? I'm quite proud of it myself, since personal experience would put the number of criminals I see on the roads at around 80% of all traffic (especially 35+ in a 30, I rarely encounter a vehicle doing <30 in a 30). I would be perfectly comfortable claiming that around 80% of drivers are in fact habitual criminals who endanger the lives of themselves and others without a second thought. Plus, I'm guessing a high percentage of people who commit other crimes (e.g. pirating apks) are also drivers. Speeding is a gateway crime!

        I'm guessing that you are involved (or know people who are involved) in app development for mobile platforms, so this issue is likely close to your heart. I completely understand your irritation that people could so brazenly commit a crime habitually like that. However, please take a good long look at yourself, and your loved ones, and see if you can find anyone who is not a habitual criminal of some sort (speeding, downloading copyright materials without consent, controlled substance use etc.). If the only examples you can find are 10 years old or younger, I'd suggest that perhaps the laws are not working, and that public opinion would in fact require that the criminalisation of those habitually performed deeds should probably be revoked.

        Remember, it is "government (and policing) by consent", not "citizenship by consent". They work for us, no matter what they might try to get you to believe ;)

  4. Anonymous Coward
    Anonymous Coward

    Not exactly impartial

    In fact, I am surprised that he has ported his app to the platform, given his previously expressed views.

    I'll take this complaint with a large dose of salt.

    1. Coldwind104

      Re: Not exactly impartial

      "...given his previously expressed views."

      Your link went to a tweet about Android 4.2 not including December in its calendar. What's the 'view' you're referring to?

    2. Anonymous Coward
      Anonymous Coward

      Re: Not exactly impartial

      Presumably because he has something negative to say about Android/Google, he is not one of the cult members and therefore anything he says can be safely ignored.

  5. davefb

    merchant account.

    Since it's the same system that google uses for actual physical stuff.

    What do people expect?

    Mind you, as john says, everyone pirates on android anyway. Gee thanks.

    1. The BigYin

      Re: merchant account.

      If he is installing outside of Google Play, there's no way for him to know what modified, malicious crap he is installing.

      Hang on, on Google Play there's no way to know what modified, malicious crap one is installing!

      1. Anonymous Coward
        Anonymous Coward

        Re: merchant account.

        @The BigYin :- "If he is installing outside of Google Play, there's no way for him to know what modified, malicious crap he is installing."

        You do know there is officially supported Android life outside Google Play don't you? Or were you simply trolling based on your assumption that anything outside GP is obviously thieving off file-lockers and torrent sites?

        1. The BigYin

          Re: merchant account.

          Nope - all I have ever seen or heard of is Google Play. (Not that it seems to offer much in the way of certainty).

          It's certainly the only one that is installed, and I don't see any obvious way of adding other repositories or whatever.

          And it wasn't me who intimated piracy.

  6. The BigYin
    Mushroom

    I can see the use for some of the info

    e.g. Territory (no need for GPS, the mobile operator's location is enough), gender, etc. (all taken from your Google account). Might be of use to some.

    But personally identifiable information? Getting sent without my permission?

    Is that a breach of the Data Protection Act? Or EU laws on privacy?

    I spent an age installing DuckDuckGo and replacing Google wherever I could when I got my first Android phone. It pisses me off that maps etc. keeps activating and sends back tracking information - there seems to be no way to stop it. If I could root this new phone, I would.

    Google Play is a waste of space too - there's no guarantees on security or safety and what information they do give on permissions is useless. "Angry Birds" needs to be able to find out who I'm calling. WTF? Why? No details given - there is no reason whatsoever for an app like "Angry Birds" to have any idea what number I am calling (or which one is calling me). It also wants my location? Why? Once again, it has no need to know this.

    Is any of this under my control, can I override any of the app's demands for information it does not need? No.

    Android is a clusterfuck for user privacy. I just didn't realise how bad it was until I got one. Once the contract is up, I'm going back to a basic feature phone - one that I don't have to charge every single sodding day.

    1. Anonymous Coward
      Anonymous Coward

      Re: I can see the use for some of the info

      It depends a bit on what you have agreed to. If you use Google you have more or less agreed to let your trousers down anyway and Google will continue to collect information as long as they can get away with it. I suspect this will come to a somewhat abrupt end by means of a massive EU fine, but that will take a while (the holdup is the discussion about their current privacy policy - there appear to be complaints backed up behind that. BTW, check out the 27 signatures in that letter).

      A financial transaction like a payment always comes with personal details because it's part of the verification process, but the seller should not be party to that data because there is no valid reason for them to have it (the Google shop is supposed to handle this) - with one exception: they need some handle on who is entitled to support. IMHO, the Google ID or email address would suffice for this and is probably part of the Google T&Cs you signed for, but the Google Wallet privacy policy states the following:

      Information we share

      We will only share your personal information with other companies or individuals outside of Google in the following circumstances:

      As permitted under the Google Privacy Policy.

      As necessary to process your transaction and maintain your account.

      To complete your registration for a service provided by a third party.

      It's a bit early - I would wait for the full facts before making any judgement. Having said that, with most companies your personal details are only one coding error away from disclosure, this is also why most of them are so easy to hack. To do it right you would sling transaction data offline into a one-way storage container as soon as practical via what is called an information diode. After all, you only need that data in case of query and for admin - there is no need for this to remain on the public side of your infrastructure. The prime reason few bother is because it costs money (and customer's rights be damned).

      BTW, you may want to look at Startpage as well for your search needs. It offers proxied links so Google doesn't even see which results you actually use (which is normally a leak).

      As for Android being a [censored] for privacy, yup. In iOS I can install an App without giving it permissions at all, which would stop it from working, but it would install. I can also retrospectively edit those permissions. This could lead to silly situations such as TomTom not being able to work because I denied it permission to see GPS data, but the point is that *I* decide that, and can adjust to changing circumstances. In Android, not only do I have to give permissions upfront, I am coerced into doing so because the App would otherwise simply not install. Once installed, I have zero control over what the App does. Interestingly, I think coercion for personal data is actually illegal under EU law (I know the UK has a clause floating around somewhere that a user's choice must be a genuine choice rather than coercion), so we may have yet another problem Google will have to deal with and which could declare all versions of Android which use this model as illegal (that could get interesting - must discuss with regulators..).

      Having said that, the above coercion rule actually declares some iOS apps illegal as well, if I recall correctly, WhatsApp refuses to work on iOS until it is granted full access to your contacts. However, if you are concerned about privacy, WhatsApp should be about the very last App you would install anyway, as well as Viber.

      Last but not least, if you recall the Streetview saga, you can remember that they said it was "an accident". Here is another reason why you may want to avoid Android: read item number 47 of this officially submitted response. If it was an "accident", then why continue the activity on another platform?

      1. DF118

        Re: I can see the use for some of the info

        Well said.

        I only hope your optimism regarding regulatory intervention turns out to be justified. From everything I've read so far, I get the distinct sugary whiff of fudge being made.

    2. S4qFBxkFFg
      Thumb Up

      Re: I can see the use for some of the info

      "If I could root this new phone, I would."

      That's the main issue right there, if it's unrooted there's very little you can do to get control of your phone, I was lucky mine was easy to root and plonk Cyanogenmod on it, but I hadn't researched whether this was possible before choosing that model.

      1. The BigYin

        Re: I can see the use for some of the info

        The only impediment to my rooting is a legal one. That and the fact it's brand new...

        And as others have pointed out, there might be some cause for the vendor to see your personal details - however I assumed that Google's payment service would hold that in escrow until required. I don't see why an app vendor needs your home address, email or anything else really. They have your Google account and probably some kind of receipt/transaction ticket, that should be enough for dispute resolution.

  7. davtom

    So?

    If I sell something through PayPal, physical or intangible, I get details of the buyer, e.g. the email address and name. How exactly is this different?

    1. Anonymous Coward
      Anonymous Coward

      Re: So?

      Exactly right - this is why I suggest to wait with a reaction. If the seller gets more than that for a product that doesn't require a physical delivery then there may be questions, but only if the seller hasn't agreed somewhere in Google's ToS and Privacy Policies to supply that data anyway.

      Given the confusing interlinking of ToS and Privacy Policy and product specific changes it's quite possible that the buyer has signed away their entire right to privacy..

      1. Anonymous Coward
        Anonymous Coward

        Re: So?

        >it's quite possible that the buyer has signed away their entire right to privacy..

        What right to privacy? You're entering into a contract with the seller which is the developer, not Google Checkout.

    2. MrXavia
      Mushroom

      Re: So?

      While I don't mind my name being given to the seller, I'd rather my address remained private...

      Really Google need to revamp their Play store anyway, it's pretty poor to search/filter through and find what you want.. and the lack of needing a password once you're logged in is a risk if you lend your phone to others..although the BIG risk is when you lend your tablet to others.. they have full access to everything....

      1. Dave Fox
        Go

        Re: So?

        "Lack of needing a password"?

        Recently, Play has been asking for my password when I make purchases - usually just the first one, if I make more than one during the same "session".

  8. This post has been deleted by its author

  9. Coldwind104
    Big Brother

    I accept that generally I'm not sharp enough to notice every possible place I could put or use data that could result in someone else getting hold of it. Since most of modern life revolves around electronic things happening that I really don't understand, I wouldn't have the first clue how to go about fully protecting my information.

    I can and do take reasonable steps, such as making sure I don't keep my PIN next to my debit card. I shred (cross-cut, of course) confidential papers before throwing them out. I use different passwords for every site I visit. I enter my real details on websites only when I'm absolutely sure the firm needs them, when it's a company I trust (for a given, corporate value of 'trust'), and when my browser tells me it's an encrypted connection. I have no idea whether it *is*, in fact, an encrypted connection, and I'll bet the vast majority of people don't either.

    As far as I can tell, there are two absolute approaches to this problem. You either accept what the first commenter said: privacy is dead. That means that you accept that your entire life is now public property, and conduct yourself accordingly. Or, you reject that, and you give up technology. Good luck doing that in this society.

    Those are the absolutes. Most people, I honestly believe, will go down the middle. They'll be vaguely aware of the need for privacy - though they may well misjudge what's 'sensitive' and fight tooth and nail to try to prevent anyone finding out that, say, there's a house at their address. They'll likely take those basic precautions, like I do, but ultimately have no idea whether they're really protecting themselves or not.

    1. P_0

      Or you just need to readjust your meaning of privacy. When I use Amazon, I give them an in-use email address (not a throw away address), and my billing address. But I don't scream about Amazon stealing my privacy.

      Why should an app buyer have to give his email address to the seller? Google Checkout isn't just used for Android apps. Sellers may need to contact buyers and inform them of a problem.

      With regards to Shipping addresses, these can be changed, and are used much the same way as Ebay or Amazon use them. Really, what's the problem?

      People are expecting too much privacy. This isn't the 1990s where you could surf the net in complete anonymity. If you want to interact with the real world while on the internet, especially when it comes to money, you are gonna have to reveal some information about yourself.

      1. Doc Spock
        Big Brother

        @P_0

        If an app seller needs to contact the buyer, then it should be possible to send them an e-mail through the Merchant Store system - that is, Google keeps the eventual destination of the e-mail hidden from the seller.

        For physical goods, the seller will need the buyer's address for practical reasons, but it's not necessary. The seller could post the item to a Google-owned warehouse, which then forwards the item to the buyer.

        For software downloads, there is never a need for the seller to know anything about the buyer, other than that they have paid for the item. And it's not like you get the buyer's bank details when they buy from you, so Google are able to keep some stuff a secret. Why then can't it keep other stuff a secret too...?

        PS Feel free to substitute Google for your favourite privacy-stealing multi-national faceless corporation.

  10. Martin Chandler

    This is true...

    I have an Android Dev Account with an app available for purchase on the market place. I can confirm you always get the following details - Full name, Post code or Zip code, Country. Some of the transactions have also included City and telephone number.

    1. Martin Chandler

      Re: This is true...

      Actually, going into the archived transactions, I get the full address of some of the purchasers. I'm not sure if Google have reduced the amount of info passed onto devs at a later date.

      1. P_0

        Re: This is true...

        Buyers can change this information at any time.

        http://support.google.com/wallet/bin/answer.py?hl=en&answer=99746

        1. Martin Chandler

          Re: This is true...

          I have tried to change my contact details but it is mandatory to include street, town, postcode and telephone number.

  11. Dan 55 Silver badge
    Stop

    What about free apps?

    Do they get the same info?

    1. P_0

      Re: What about free apps?

      No. It is only those apps which are bought with Google Checkout that information is given.

      For free apps, you can see a breakdown of the countries the app was downloaded in, the type of device used, the Android OS version and some other stuff. But it's just general information.

      1. Anonymous Coward
        Anonymous Coward

        Re: What about free apps?

        Do free apps get to see e-mail address?

        1. P_0

          Re: What about free apps?

          Nope. The developer sees nothing.

  12. P_0

    Not sure I can see what the problem is. I've been selling apps on Google Play for years, and I've seen the email address and city locale of the buyer. Big deal.

    PARTIAL address is used to prevent fraud. see http://support.google.com/checkout/sell/bin/answer.py?hl=en&answer=45175

    Buyer information sharing

    To help reduce your fraud risk, Google shares buyer credit verification information for each order you receive. You can use this information to perform your own fraud checks. To view buyer credit card verification information for a particular order:

    Sign in to Google Checkout at https://checkout.google.com/sell

    Click the appropriate order in your Orders Inbox.

    Buyer credit verification information will appear below the buyer's shipping information:

    If Covered by Payment Guarantee appears, this order is eligible for Payment Guarantee Policy protection. Although an order may be eligible for the Payment Guarantee, merchants must meet certain additional criteria to be fully covered for the order.

    The Address Verification System (AVS) check is helpful in comparing the buyer's billing address included in their account with the legitimate address that the credit card issuer has on file. If the AVS flag is Full, both the name and address that the buyer entered for the credit card completely match the information on file with the credit card's issuing bank. Other possible values for this field are Partial (either the address or the postal code matches), Unavailable, and No match.

    The Card Verification Value (CVV) check is useful in confirming that the card holder has access to their actual credit card when placing their order. If the CVV flag is Match, the CVV code that the buyer entered for the credit card during the purchase completely matches the information on file with the credit card's issuing bank. Other possible values for this field are Error, Unavailable, and No match.

    Account age shows you how long the buyer has been able to make purchases through Google Wallet.

    If you're concerned about a particular order, or if you're unable to contact the buyer with the information we provide, you have the option to cancel the order to avoid further risk.

    1. Martin Chandler

      It's not always just PARTIAL information, my dev account shows many users' FULL addresses and telephone number. I think the problem according to the article is that users are possibly not aware they are sharing this amount of information.

      1. P_0

        I just realized when I buy apps on Google Play I show my phone number. Ooops. But I just edited it out. It was my own fault for not reading Google's ToS.

        I can also edit the shipping address.

    2. Anonymous Coward
      Anonymous Coward

      I would very strongly suggest you take the Google explanations and statements with a fairly large helping of NaCl ("salt" :) ). I looked at the ones for Gmail and found them to be rather creatively and self servingly misleading.

      As I said before, you'll need to wade through the maze of ToS and Privacy Policies to find out what you have effectively agreed to, but for UK Data Protection purposes, supplying your full personal details to the seller is IMHO excessive of need and thus at best questionable. If you're UK based it's worth giving the UK Information Commissioner's office a call - they should be able to tell you if you can progress this or not.

      It's exactly this total lack of clarity of what goes where that has Google under fire from 27 different EU countries at once. I actually wonder when this will progress (if ever) - they didn't put a deadline in that letter as far as I know and this has been pending since mid October last year..

  13. Anonymous Coward
    Anonymous Coward

    All true, and very different from Apple

    I'm an iOS developer, and have also dabbled with Android. This is a significant difference between the platforms that comes as a surprise when moving in either direction. In the case of Apple, you know nothing except the country (or perhaps not even that, if the country is "Euro Zone" or "Rest of World"). Google share almost everything, and that comes as a shock to people who are used to the Apple approach (as in this case). In contrast, I have seen Android developers who move to Apple asking "How do I get the email addresses of my customers?" and receiving incredulous replies.

  14. Anonymous Coward
    Anonymous Coward

    In other news

    Amazon and eBay also pass on your details when you buy stuff.

    1. Anonymous Coward
      Anonymous Coward

      Re: In other news

      I hope Amazon doesn't pass my details to whoever makes the products that are sold by Amazon themselves.

  15. Mephistro
    Happy

    Google, the new Apple!

    "The Register requested comment on Nolan's report from Google, but the ad giant and self-driving car pioneer has not responded at the time of writing. "

    (See title)

  16. Anonymous Coward
    Anonymous Coward

    Can be abused, seriously

    What if a government such as Saudi Arabia uses their trillions of unaccounted dollars to create honeypot like apps to audit their citizens?

    Or, Iran who are still known to hunt down people living abroad?

    Of course, "first world" governments can do similar tricks too.

    Hell, a basic promise like "free VPN" is enough to catch them like flies.

  17. Anonymous Coward
    Coat

    Must... resist... urge...

    ... but can't.

    <Eadon>

    GOOGLE FAIL

    </Eadon>

    Sorry folks. I'll get my coat now.

    1. This post has been deleted by its author

  18. This post has been deleted by its author

  19. SunBoy
    WTF?

    Google is beginning to be EVIL!

    Ever tried to look at a Nexus 7 and tried to get a price for it to be delivered?

    If you don't have a Google Play account, they *MAKE* you sign up and GIVE THEM YOUR CREDIT CARD.

    All this *BEFORE* allowing you to KNOW WHAT THE POSTAGE AND PACKING PRICE IS!

    WTF??? Why oh why do Google NEED MY CREDIT CARD DETAILS to GIVE ME A POSTING COST?????

    1. Anonymous Coward
      Anonymous Coward

      Re: Google is beginning to be EVIL!

      If you're in the UK (or actually anywhere in the EU) you can complain to your local regulator about excessive demand for personal information. You can also complain to your credit card company about illegal acquisition of credit card data. AFAIK, there are some rules about when such data can be collected - upfront before you even have an indication of price must be AFAIK a breach of either card rules or the laws on the sale of goods.

  20. Anonymous Coward
    FAIL

    Unbelievable that this has been happening for so long until finally one developer reports it.
