CNET también está disponible en español.

Ir a español

Don't show this again

Mobile Apps

Android devs getting your personal info is nothing new

Yesterday, a story broke that Android developers get your full name and email address when you purchase an app. Before you panic, it's not a bug.

Yesterday, a story broke that Android developers get your full name and email address when you purchase an app. Before you panic, it's not a bug.

(Credit: Google)

As News.com.au reported yesterday, a fledgling Android developer by the name of Dan Nolan discovered something he found disturbing about the Google Play store. Whenever a customer purchases an app, the invoice received by the developer includes that buyer's full name, email address and general location.

"Every App purchase you make on Google Play gives the developer your name, suburb and email address, with no indication that this information is actually being transferred," he wrote. "This is a massive oversight by Google. Under no circumstances should I be able to get the information of the people who are buying my apps unless they opt into it, and it's made crystal clear to them that I'm getting this information."

It should be noted that free app downloads do not give the developer this information.

The reason for this is the Google checkout system, which is Google's answer to PayPal and used increasingly on the web for a variety of purchase types, including both downloadable software and physical goods. When you make a PayPal purchase, the vendor receives similar information: your name, your email address and your street address.

And when you use either of these services, you are not making a purchase from either Google or PayPal — you are purchasing directly from the vendor, using the Google or PayPal service as a sort of digital wallet that stores your credit card information — keeping it secure at the same time. The vendors never get access to your banking details.

This is not a new feature of Google Play. Ever since the store opened, customers did business directly with the developers; and in fact, a developer by the name of Jesse Wilson (who created the Shush! app) noted it in November of last year.

We can see one advantage to allowing devs access to that information: it provides a direct line between vendor and consumer, allowing ease of communication in case of issues. Apple's app store does not provide devs with that information; and in order to get issues addressed or refunds issued, you usually have to go through Apple's circuitous help system.

On the other hand, as Jesse Wilson also noted, there is room for abuse by less-than-ethical vendors.

However, while it's true that Google could perhaps do more to notify customers that their information is being passed on, the Google Play terms of service do state:

In order to access certain services in Google Play, you may be required to provide information about yourself, such as your name, address and billing details. Google's privacy policies explain how we treat your personal data and protect your privacy when using Google Play. You agree that any such information you provide to Google will always be accurate, correct and up to date.

And in the privacy policies:

We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

And in the developer agreement:

You agree that if you use the Market to distribute Products, you will protect the privacy and legal rights of users.

Of course, that doesn't mean you as a user are entirely risk-free; but it's a risk you run any time you provide any personal information over the internet. Those Viagra spam emails don't come from nowhere.

In short, this is pretty standard for online payment processing. If it bothers you, you should probably stop shopping on the web.