Android apps will have to make explicit what customer and device data is being used, for what purpose, and when. If devs don't comply, the apps will be flagged with warnings.
Google has announced new standards for apps and websites that gather or transmit personal details about their users.
Enforcement of the new policy will begin on January 30, 2018, at which time users will see warnings on apps and websites leading to apps that are known to collect user data without consent.
The changes will probably affect legitimate app developers as well--the 60-day mark will be a hard start for warnings to begin appearing, which could drive traffic away from apps and websites that haven't complied with the new policy.
Google's new plan to protect Android users
When Google's Safe Browsing changes take effect, any app that handles personal or device data will be required to let users know that it's doing so.
SEE: 15 books every programmer should read (free PDF) (TechRepublic)
- Describe what's being collected and why
- Display the information in an easy-to-access area
- Provide the information in an area separate from the terms of service
- Describe everything in a "clear and unambiguous way"
- Wait to transmit any information until after the user has verified their acceptance of privacy terms
- Only accept positive affirmation as agreement to transmit data (backing out of a screen or ignoring the notification cannot count as accepting it)
- Dsplay privacy information in a non-expiring window
Any time data is transmitted--even crash reports to developers--the user has to be made aware of what is being sent and why. It's reasonable to expect nearly every single app developer to have to make at least some changes to their app design in light of these new requirements.
What developers have to do to comply
Anyone who publishes apps for Android--even those released through third-party channels--will feel the effects of this new policy.
It's unclear how Google plans to enforce its new requirements, but developers who don't make required changes may see download rates and website traffic drop if users are being given privacy warnings.
Google provided several steps for web and application developers to become, and remain, compliant:
- Everyone should review Google's Unwanted Software Policy to see if they're violating any rules.
- Web developers who notice warnings on their sites should "refer to the Search Console for guidance on remediation and resolution of the warnings."
- App developers whose apps are flagged "should refer to guidance in the Unwanted Software Help Center."
- If an app is being flagged with a warning, its developers can also file a request to have it removed through the App Verification and Appeals process.
That 60-day clock is ticking--don't be caught with an unprepared app or website that costs you or your company money.
The top three takeaways for TechRepublic readers:
- Google has updated its standards for the collection and use of user data by apps and websites. The changes, which go into effect on 30 January 2018, will require apps and the websites hosting them to clearly notify users what is being gathered and why.
- Any part of an app that transmits user or device data (even something as simple as a crash report) has to be explained to, and accepted by, the user.
- Google has provided a number of steps and documents for developers to use in remediating potential problems with apps and sites.
- Big data privacy is a bigger issue than you think (TechRepublic)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNET)
- How to make confusing privacy policies usable (TechRepublic)
- Artificial intelligence and privacy engineering: Why it matters NOW (ZDNET)
- Five ways to maintain your privacy on your smartphone, no downloads required (TechRepublic)