- Aug 17, 2014
Google is rolling out an app privacy section to the Play Store on Tuesday. When you look up an app on the Play Store, alongside sections like "About this app" and "ratings and reviews," there will be a new section called "Data privacy & security," where developers can explain what data they collect. Google showed off this feature last year, and it will finally start appearing in the Play Store today.
Note that while the section will be appearing for users starting today, it might not be filled out by developers. Google's deadline for developers to provide privacy information is July 20. Even then, all of this privacy information is provided by the developer and is essentially working on the honor system. Here's how Google describes the process to developers:
"You alone are responsible for making complete and accurate declarations in your app’s store listing on Google Play. Google Play reviews apps across all policy requirements; however, we cannot make determinations on behalf of the developers of how they handle user data. Only you possess all the information required to complete the Data safety form. When Google becomes aware of a discrepancy between your app behavior and your declaration, we may take appropriate action, including enforcement action."
Once the section is up and running, developers will be expected to list what data they're collecting, why they're collecting it, and who they're sharing it with. The support page features a big list of data types for elements like "location," "personal info," "financial info," "web history," "contacts," and various file types. Developers are expected to list their data security practices, including explaining if data is encrypted in transit and if users can ask for data to be deleted. There's also a spot for "Google Play’s Families Policy" compliance, which is mostly just a bunch of US COPPA and EU GDPR requirements.
Google says developers can also indicate if their app has "been independently validated against a global security standard." Google has a "Mobile Application Security Assessment" standard, and developers can pay between $3,000 and $6,000 to have a "Google Authorized Lab partner" audit an app against this standard. This audit includes a review of an app's encryption practices, a check for known vulnerabilities, a requirement of minimum permissions, and a bunch of other tests listed on this GitHub.
As usual, Google's release process can take a while. Google says a lucky few users will start seeing the data safety section today, and it will probably take a few weeks to roll out to everyone.