Google is getting serious about app privacy. This week, the tech giant sent an email to developers across the globe, notifying them that if their apps violate the company’s User Data policy regarding privacy, they may be removed from the store, as reported by The Next Web.
Alternatively, developers can choose to opt out of this requirement by removing any requests for sensitive permissions or user data from the app, the message stated.
Developers must meet these policy requirements by March 15, 2017. If they do not meet that deadline, they risk having Google “limit the visibility of your app,” or even remove it from the Play Store, according to the email.
“I think it is a great thing that Google is putting more focus on users’ privacy,” said Engin Kirda, professor of computer science at Northeastern University. It is especially important in light of past cases in which apps available in the Play Store collected large volumes of sensitive data from users without their knowledge, including the URLs they visited, he added.
“By enforcing Google’s own user data policies, and making app developers provide privacy policies, Google is trying to improve the security and safety of the app store,” Kirda said. “It is a step in the right direction.”
Google’s move to protect app users from cybercrime follows Apple’s move to require all iOS apps to use HTTPS connections by a yet-to-be-determined deadline. In Apple’s case, once a deadline is set, app developers must enforce the App Transport Security (ATS) feature, which forces the connections to HTTPS instead of HTTP, in order to improve privacy.
However, sometimes even these protections are not sufficient. A verify.ly report released this week found that 76 popular iOS apps are vulnerable to data theft, regardless of whether or not developers are using ATS.
The Next Web story notes that the coming purge of apps that lack privacy policies will likely help rid the Play Store of “zombie apps” that contain security vulnerabilities, making it easier for users to find the safe apps they need.
The 3 big takeaways for TechRepublic readers
3. Google’s move is meant to increase user security; however, app developers should be vigilant about security protections whether or not they are required by a provider.