Google cracks down on dodgy Android apps

Google has updated its Developer Program Policy to crack down on app behaviour around in-app payments, advertising and spyware.

After Google got hit with a class action suit earlier this month — and after apps were discovered using their host phones to mine for cryptocurrency unbeknown to the user — Google has made a few changes to its Developer Program Policy.

In an email to developers, Google noted that the changes focused on several areas, but mainly around how apps are presented to minors. These changes include:

• clarification on the company's stance regarding sexually explicit content;

• information on what tactics the company doesn't allow when promoting your app;

• a new provision that requires developers to state clearly if an advertised feature requires an in-app payment;

• clarification on the System Interference to prohibit browser modification by third parties or advertisements;

• re-emphasis that advertising behaviour must be properly attributed and clearly presented; and

• an update to the Policy Guidelines help site to address tracking and surveillance apps.

Firstly, let's look at in-app purchases. Google recently updated the Google Play site to include a disclaimer if an app offered in-app purchases; now, it aims to extend that. The updated policy reads:

Developers must not mislead users about the apps they are selling nor about any in-app services, goods, content or functionality they are selling. If your product description on Google Play refers to in-app features to which a specific or additional charge applies, your description must clearly notify users that payment is required to access those features.

This means that developers, if they advertise a feature — for example, an unlockable character — that requires an in-app purchase, they must clearly disclose that information. This was a long-overdue move from Google, which was behind Apple in IAP disclosure; Apple has for a long time displayed a list of the most popular in-app purchases in the iTunes App Store sidebar.

Interesting, also, is the clarification on sexually explicit content. Although Apple cracks down pretty hard on sexually explicit material, sometimes you can go two clicks into Google Play before stumbling across something that falls safely into the NSFW category. The former policy took a soft approach, merely noting that Google didn't "allow content that contains nudity, graphic sex acts, or sexually explicit material". The update takes a much harder line:

Apps that contain or promote pornography are prohibited; this includes sexually explicit or erotic content, icons, titles, or descriptions. Google has a zero-tolerance policy against child sexual abuse imagery. If we become aware of content with child sexual abuse imagery, we will report it to the appropriate authorities and delete the Google Accounts of those involved with the distribution.

This fits nicely with the ad policy, which states that "Ads which are inconsistent with the app's content rating also violate our Developer Terms". This means that apps suitable for children must only display ads that are suitable for children to see.

The new policy for in-app advertising also states that:

Ads must not simulate or impersonate the user interface of any app, or notification and warning elements of an operating system. It must be clear to the user which app each ad is associated with or implemented in.

Developers must follow similar guidelines when promoting their apps. The App Promotion section of the policy states that promotion by deception is strictly against the rules — and that developers will be held responsible for any ad network or affiliate that uses deceptive tactics.

Apps published on Google Play may not directly or indirectly engage in or benefit from the following behaviour:

• Promotion via deceptive ads on websites, apps or other properties, including simulated system, service, or app notifications or alerts.

• Promotion or install tactics which cause redirection to Google Play or the download of the app without informed user action.

• Unsolicited promotion via SMS services.

This last point is consistent with the spam policy, which now clearly states that apps cannot send SMS messages — or emails, for that matter — without obtaining the user's explicit consent.

Finally, Google has clarified that it does not allow apps that collect information about a user without their knowledge or permission. This includes location data and behaviour, as well as phishing apps, and includes products presented as a surveillance solution. Apps that do track a user's location — such as a child — must clearly display a persistent notification when the app is running.

Although an app marketplace the size of Apple's and Google's are difficult to monitor, Apple has been a bit better about deceptive behaviour. Google's new policies are a few welcome steps forward when it comes to user safety.

Although it can't hurt to keep putting your phone in airplane mode before handing it over to a child to play with.