❤ Google is planning a big and mandatory overhaul of app privacy and security on the Play Store
Similar-sounding privacy details, but more and better information when it comes to your security
Last year, Apple rolled out a new set of what it called Privacy Labels for the App Store. These disclaimers were sort of like privacy-oriented nutrition information attached to each app listing, with developers supplying the details regarding exactly what data their apps collect and precisely how it’s used — assuming you trust them to be honest. The moment that news landed last year, expectations swung our collective attention at Google: When would Android and the Play Store get something similar?
The answer is “next year,” assuming the tentative schedule Google for the new “safety section” announced today holds up. And based on the details provided, it might beat Apple when it comes to caring about your security instead of just your privacy.
We don’t know what the new safety section will look like in action, and Google is still ironing out some of the particulars with developer feedback, but the overall strategy has been outlined in broad strokes.
A (chunky) example of a Privacy Label on the App Store.
The new safety section will offer similar data to Apple’s Privacy Labels (example visible above), with developers stating on their app listings exactly what type of data an app collects or stores and how that data is used. While we don’t know how Google will organize that information or if it will offer the same super-granular approach Apple does, it does sound like Google could intentionally going for something a little simpler — skeptics might claim that’s because Android cares less about your privacy, but to be honest, the way Apple shows that data does start to feel a little overwhelming and overcomplicated for big, monolithic apps with deep cross-service integrations, which are all the rage these days.
As in the case of Apple, Google will require that developers be honest and responsible for declaring what their apps use, and if they try to scoff the rules, they’ll have to either fix it or be subject to further “policy enforcement.” Though precise terms of enforcement haven’t been described, we have to assume it’s similar to violating other Play Store policies, which could mean things as simple as holding back updates, or potentially as extreme as app delisting for extreme violations. And Google is making itself and all its own apps subject to this same policy, so there isn’t a double standard, matching Apple.
However, in a few very significant ways, Google is also one-upping Apple, like security. This new safety section will also explain if an app follows specific security practices, like data encryption. Furthermore, these sorts of labels are only accurate so long as developers are honest about what they’re doing. To that end, Google will let apps declare if their privacy and security claims have been verified by an independent third party.
Apps on the Play Store will also explain if the permissions are required or optional, rather than just listing all possible permissions they could declare. For example: If you’re cool with a third-party photo app accessing your camera but not your microphone and it can take photos either way. Or, if a workout-tracking app can access your physical activity history but not your location directly and still follow your calories burned, etc.
Apps will also declare if they meet Google’s Families Policy, presumably making it easier to pick out family-friendly apps for the kiddos — though hopefully doing a better job of it than the kid-friendly section of YouTube. This would build upon the “teacher approved” badges that rolled out last year for the Play Store and policy changes in 2019 regarding apps that target specific age groups and which child accounts can be limited to with Family Link.
Very importantly, Google’s policy will also let apps highlight if customers can delete their data should they stop using an app. So if any of your data for an app is stored off your device (which plenty of apps do), you’ll know if that’s going to be someone else’s property for time immemorial or if you can tell them to toss it out when you decide you’re done playing Clash of Crush or whatever.
I honestly assumed that if Google rolled out its own version of Privacy Labels, they’d just be a straight clone of Apple’s system. But this policy is set to beat Apple when it comes to security and accountability, not just privacy.
There is one kind of major snag, though, and that’s Google’s timeline for this new Play Store safety section — outside the kind of “eh” name.
While it’s subject to change, this new section isn’t set to show up until next year, sometime in Q1 2022. That’s coming up on two years after Apple announced its privacy disclosures back in June 2020, which rolled out to phones last December. The formal policy details also won’t be standardized until Q3 of this year, and developers can start putting that info in their app listings around the end of the year.
The ultimate deadline by which all new and existing apps must declare details for the safety section is Q2 2022, and it isn’t immediately clear what might happen to the (probably millions of) apps on the Play Store that have been basically abandoned and will never be updated to honor this new policy — if, for example, they might still be available with a prominent warning and blocked from delivering updates until they do, or if they’ll be outright unlisted.
Developers hoping to participate in the conversation for the new safety section going forward are invited to review their apps and see what data is collected, saved, and where and how it’s sent anywhere. At the same time, they should review best privacy practices and best security practices, raising a stink as required should they run into any issues or questions Google might want to be aware of before the new rules are set in stone.