Comments:" Android Play Store Privacy - codebutler"
URL:http://codebutler.com/2013/02/13/play-store-privacy/
News of a "massive" privacy issue with the Google Android Play Store was reported today by several popular news sites and blogs including Reddit, Daring Fireball, ZDNet, and news.com.au.
The controversy is around how Google auomatically shares detailed personal information of everyone who purchases a paid app with the app's developer.
I first noticed this back in July 2012:
I wonder if most Android users realize that when you buy an app in the Play Store the seller can see your name, address, email, and phone.— Eric Butler (@codebutler) July 6, 2012Other well-known Android developers postedabout this in November 2012. A Google employee replied to one of these post explaining the situation:
With apple's app store you buy the apps from apple. With google play you buy the apps from the developer. If you are the merchant of record you need to know the address to correctly compute sales tax. This is documented on http://support.google.com/googleplay/android-developer/bin/answer.py?hl=en&answer=138000. Google cannot give tax advice, so we have to give you the data to make the determination yourself.This makes sense, but is not clearly communicated to users or developers.
When you buy a physical product online you obviously need to share your address with the seller, and the checkout flow makes this very clear. When buying an Android app, there's no indication that any of this information is shared, and the buyer has no opportunity to select which address or phone number to use for the purchase.
Apple set a very high bar for privacy when they launched the App Store: Developers are given zero information about customers. When Google copied it to create the Android Market, expectations had already been set.
The Android Market didn't initially support paid apps, and it always seemed that support for paid apps was hastily bolted on. For example: When someone "returns" your app within the 15 minute window, the developer receives an email reminding them to not "process or ship this order.", which clearly makes no sense.
There's also no email when someone successfully buys your app, which might actually be useful and like Apple, Google offers absolutely no information to developers about who downloaded free apps: there's a huge gap. Because the entire experience of purchasing Android apps is so sloppy, it's not unreasonable to assume that this privacy issue was actually an oversight.
Google's privacy policy says "We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances apply" … and goes on to list scenarios that do not obviously apply to purchasing apps or other content.
Google should follow Apple's lead and offer users and developers better privacy protection.