Google Play hides app permissions in favor of developer-written descriptions

  News
image_pdfimage_print

Google’s developer deadline for the Play Store’s new “Data Safety” section is next week (July 20), and we’re starting to see what the future of Google Play privacy will look like. The actual Data Safety section started rolling out in April, but now that the developer deadline is approaching… Google is turning off the separate “app permissions” section? That doesn’t sound like a great move for privacy at all.

The Play Store’s new Data Safety section is Google’s answer to a similar feature in iOS 14, which displays a list of developer-provided privacy considerations, like what data an app collects, how that data is stored, and who the data is shared with. At first blush, the Data Safety entries might seem pretty similar to the old list of app permissions. You get items like “location,” and in some ways, it’s better than a plain list of permissions since developers can explain how and why each bit of data is collected.

The difference is in how that data ends up in Google’s system. The old list of app permissions was guaranteed to be factual because it was built by Google, automatically, by scanning the app. The Data Safety system, meanwhile, runs on the honor system. Here’s Google’s explanation to developers of how the new section works:

You alone are responsible for making complete and accurate declarations in your app’s store listing on Google Play. Google Play reviews apps across all policy requirements; however, we cannot make determinations on behalf of the developers of how they handle user data. Only you possess all the information required to complete the Data safety form. When Google becomes aware of a discrepancy between your app behavior and your declaration, we may take appropriate action, including enforcement action.

It wasn’t entirely clear that the permissions section would be going away when Data Safety launched. It’s a strange regression to go from computer-verified facts to the honor system. It’s also hard to trust Google’s ability to “become aware of a discrepancy” in the Data Safety screen when the Play Store already has a huge amount of enforcement and rule problems. It seems like it would be better to combine the two systems—generate a list of permissions and let developers describe how each one is used.

Listing image by Google Play

https://arstechnica.com/?p=1867069