Report: Google sends personal information to app developers without user knowledge or consent
End The Lie
End the Lie
February 15th, 2013
Reader Views: 394
In a disturbing new report, it is revealed that every person who downloads an application through Google Play has had their personal information including name, email and address passed on to the developer without their knowledge or consent.
While this might be troubling, perhaps even more troubling is theÂ highly secretive relationship between Google and the U.S. National Security AgencyÂ (NSA), theirÂ ties to the U.S. intelligence communityÂ and theÂ lack of transparency in their so-called transparency reports.
Still, this â€śflaw,â€ť uncovered by an app developerÂ in Sydney, Australia, is no small matter. Perhaps the most concerning aspect of theÂ reportÂ by news.com.au is the point that the â€śflawâ€ť actually â€śappears to be by design.â€ť
The developer, Dan Nolan, has created an application that hit number one in the Australian app store and he says that he does not feel comfortable being the custodian of all of that personal information.
Furthermore, Nolan says that there is no reason any developer should have all of this highly personal information at their fingertips.
â€śLet me make this crystal clear, every App purchase you make on Google Play gives the developer your name, suburb and email address with no indication that this information is actually being transferred,â€ťÂ writesÂ Nolan on his blog.
â€śWith the information I have availableÂ to meÂ through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase,â€ť Nolan writes.
Nolan argues that the only way app developers should be able to get this information is if the users knowingly opt into it and â€śitâ€™s made crystal clear that Iâ€™m getting this information.â€ť
Currently, none of that takes place.
Claire Porter, the technology editor of news.com.au, points out that the problems posed by malware are even more serious than potential harassment from disgruntled app developers.
â€śWith Google customersâ€™ details just sitting in developers accounts, all it would take is a half decent piece ofÂ malware softwareÂ for that information to be accessed,â€ť Porter writes. â€śThese personal details could then be used to access the usersâ€™ bank details. Thatâ€™s also more than enough information to be able to access your other devices which could also be mined for more data â€“Â insurance information, other credit cards â€“ which could then be used to access your banking credentials.â€ť
In other words, this could present a quite attractive target for hackers looking to commit fraud on a massive scale.
According to Nolan, this could impact tens of millions of Google customers who have downloaded apps.
â€śAs far as I can tell this impacts every person who purchased an App on the Play Store,â€ť Nolan said to news.com.au.
â€śI canâ€™t see any way to opt out of providing that information and it seems to be a feature of the Google checkout process,â€ť Nolan said. â€śI donâ€™t know whether it applies to free apps, but there areÂ hundredsÂ of thousands of apps that are available for pay on the play store and there are millions of people who buy Android apps out there, Iâ€™d say easily millions or tens of millions of people.â€ť
â€śItâ€™s active in every market that Google accepts payment for apps,â€ť Nolan continued. â€śThatâ€™s a lot of people having their personal information handed over without them knowing.â€ť
Even more disturbing is that Nolan says user information has always been provided to developers as far as he can tell.
Nolan said he thinks the only reason it hasnâ€™t been discovered and exposed until now is â€śbecause the people who would have paid attention to it were likely exploiting it and selling usersâ€™ personal information, it using it as an extra source of revenue on top of what they were making off their Google Play/Android app.â€ť
According to Nolan, the amount of data provided by Google is ludicrous compared to that provided to developers by Apple.
â€śIn comparison to the information you get from Apple which is just a quantity of sales in a Country and then a check three months later, this is absolutely absurd,â€ť Nolan said.
â€śI doubt anyone expects to have their contact information, name and suburb sent to a developer purely because they decide to buy an app off the Play Store,â€ť he added.
Porter points out that while the GoogleÂ terms of serviceÂ indeed states that the company may store this type of personal information, theÂ Google privacy statementÂ says nothing about giving that information to developers whenever you pay for an app.
That being said, the terms of service does say that Google will hand over your address and other personal information if you purchase a magazine subscription but that is the only type of app mentioned.
â€śThis is a massive, massive privacy issue Google. Fix it. Immediately,â€ť Nolan concludes.
Unanswered questions remain: how many people have had their personal information released to developers without their knowledge and consent? How large is the security risk posed by the huge amount of information in the hands of potentially less-than-scrupulous developers?
Furthermore, how many developers have sold this information to third parties without user knowledge or consent? Will we ever know?
It will be fascinating to see how Google responds to this. They did not respond to news.com.au for comment, although the article was apparently changed in some way as an update reads, â€śThis story has been amended at the request of Google.â€ť without stating how it has been amended.
Delivered by The Daily Sheeple
Contributed by End The Lie of End the Lie.
End the Lie was founded in 2011 with the goal of publishing the latest in alternative news from a wide variety of perspectives on events in the United States and around the world. For more information, find End the Lie on Twitter and Facebook or check out our homepage.
Please share: Spread the word to sheeple far and wide
Leave A Comment...
The Daily Sheeple Home Page