Subscribe

Google Play enforcement bots are on the case —

Google Play hides app permissions in favor of developer-written descriptions

Let's hope nobody lies about what permissions their app uses.

-

  • Scroll down on a Google Play app listing and you'll soon see this new privacy section.
    Google
  • Tap on it and you'll get this page, which details the data that apps collect and how it is stored.
    Google
  • You can tap on each item for a bit more detail.
    Google

Google's developer deadline for the Play Store's new "Data Safety" section is next week (July 20), and we're starting to see what the future of Google Play privacy will look like. The actual Data Safety section started rolling out in April, but now that the developer deadline is approaching... Google is turning off the separate "app permissions" section? That doesn't sound like a great move for privacy at all.

The Play Store's new Data Safety section is Google's answer to a similar feature in iOS 14, which displays a list of developer-provided privacy considerations, like what data an app collects, how that data is stored, and who the data is shared with. At first blush, the Data Safety entries might seem pretty similar to the old list of app permissions. You get items like "location," and in some ways, it's better than a plain list of permissions since developers can explain how and why each bit of data is collected.

The difference is in how that data ends up in Google's system. The old list of app permissions was guaranteed to be factual because it was built by Google, automatically, by scanning the app. The Data Safety system, meanwhile, runs on the honor system. Here's Google's explanation to developers of how the new section works:

You alone are responsible for making complete and accurate declarations in your app’s store listing on Google Play. Google Play reviews apps across all policy requirements; however, we cannot make determinations on behalf of the developers of how they handle user data. Only you possess all the information required to complete the Data safety form. When Google becomes aware of a discrepancy between your app behavior and your declaration, we may take appropriate action, including enforcement action.

It wasn't entirely clear that the permissions section would be going away when Data Safety launched. It's a strange regression to go from computer-verified facts to the honor system. It's also hard to trust Google's ability to "become aware of a discrepancy" in the Data Safety screen when the Play Store already has a huge amount of enforcement and rule problems. It seems like it would be better to combine the two systems—generate a list of permissions and let developers describe how each one is used.

Listing image by Google Play

Ron Amadeo Ron is the Reviews Editor at Ars Technica, where he specializes in Android OS and Google products. He is always on the hunt for a new gadget and loves to rip things apart to see how they work. He loves to tinker and always seems to be working on a new project.

Channel Ars Technica

Related Stories

    Today on Ars