Developers were as shocked as their customers to discover they are getting personal information from every everyone who purchases an Android app in the Google's Play store last week, and they are demanding the company change its policies.
The scandal broke when Dan Nolan, an Android developer based in Australia, noticed personal details on customers of his Paul Keating Insult Generator app. This included names, e-mail addresses and even the suburbs in which they live. He reacted on his blog with scathing comments about Google.
With the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase. The problems on android of app permissions (and subsequent potential for malware aside) is one of active negative behaviour on the part of an app developer. This isn't. This is a massive oversight by Google. Under no circumstances should I be able to get the information of the people who are buying my apps unless they opt into it and it's made crystal clear to them that I'm getting this information. This is a massive, massive privacy issue Google. Fix it. Immediately."
Other developers quickly got involved and did their own digging.
So I investigated this further it seems around December 2012 is when Google stopped anonymising email addresses in Google Play purchases— Russell Ivanovic (@rustyshelf) February 14, 2013
Privacy experts later verified Nolan's claims.
Not surprisingly, the general public was taken aback by the news.
The google play store apps cross all lines of protection of personal information & identity. Full on invasion of privacy. How is this legal?— Atlantisgirl (@ATLANTISGIRL5) February 13, 2013
As were other industry observers:
Privacy issues with Google Play purchases. But hey Android is so much more "open" compared to "closed", "locked-down" App Store, right?— Jean Burgess (@jeanburgess) February 13, 2013
Google has responded to some bloggers via a spokeperson, pointing to its support site and issuing the following statement:
With apple's app store you buy the apps from apple. With google play you buy the apps from the developer. If you are the merchant of record you need to know the address to correctly compute sales tax. This is documented on http://support.google.com/googleplay/android-developer/bin/answer.py?hl=en&answer=138000. Google cannot give tax advice, so we have to give you the data to make the determination yourself."
Eric Butler, a developer based in Seattle, said collecting the information and providing them to developers isn't the key issue so much as being transparent about it. Let's give him the final word, as told on his blog:
Apple set a very high bar for privacy when they launched the App Store: Developers are given zero information about customers. When Google copied it to create the Android Market, expectations had already been set. ... Google should follow Apple's lead and offer users and developers better privacy protection."