Months after Apple’s App Store introduced privacy labels for apps, Google announced that its own mobile app marketplace, Google Play, will follow suit. The company announced plans to introduce a new security section on Google Play, to be implemented next year, which will require developers to share what kind of data their apps collect, how it is stored and how it is used.
For example, developers will have to share what kind of personal information their apps collect, such as users’ names or emails, and whether they collect information from the phone, such as the user’s precise location, media files or contacts. Apps will also have to explain how it uses that information, for example, to improve functionality or for personalization purposes.
Developers that already adhere to specific security and privacy practices will also be able to highlight that in their app listing. On this front, Google says it will add new items detailing whether the app uses security practices such as data encryption; whether the app follows Google’s family policy, related to child safety; whether the app’s security section was verified by an independent third party; whether the app requires data to function or allows users to choose whether or not to share data; and whether the developer agrees to delete user data when one uninstalls the app in question.
Apps will also be required to provide their privacy policies. While clearly inspired by Apple’s tags, there are several key differences. Apple’s tags focus on what data is collected for tracking purposes and what is tied to the end user. Google’s additions seem to have more to do with whether or not the data being collected can be trusted to be handled responsibly, by allowing the developer to show whether or not it follows best practices in data security, for example. It also gives the developer a way to make a case for why they are collecting data directly on the listing page.
Another interesting addition is that Google will allow app data tags to be independently verified. Assuming these verifications are handled by trusted names, they could help convey to users that the disclosures are not lies. One of the early criticisms of Apple’s privacy labels was that many provided inaccurate information and also got away with it.
Google says the new features won’t roll out until the second quarter of 2022, but wanted to announce them now to give developers enough time to prepare. Of course, there’s a lot of irony in a Google app privacy announcement.
The company was one of the longest holdouts to issue privacy labels for its own iOS apps as it rushed to review content and label disclosures. After initially claiming that its labels would be released “soon,” many of Google’s top apps entered an extended period in which they received no updates because they did not comply with App Store policies.
Google took months after the deadline to provide labels for its major apps. And when it did, critics, such as privacy-focused search engine DuckDuckGo, scoffed at the amount of data collected by apps like Chrome and Google.
Google’s plan to add a security section of its own to Google Play gives it a chance to change the narrative a bit. It’s not necessarily a privacy push and it’s not even called privacy labels. The changes seem designed to allow app developers to better explain whether their app can be trusted with your data, rather than setting the expectation that the app shouldn’t collect data in the first place.
It remains to be seen how well this will resonate with consumers. Apple made a strong case that it is a company that compares user privacy and is adding features that put users in control of their data. It’s a tough argument to fight, especially in an era that saw too many data breaches to count, careless handling of privacy by tech giants, widespread government spying and a creepy ad tech industry that grew to feel entitled to undisclosed user data collection.
Google says that when the changes are implemented, non-compliant apps will be required to correct their violations or be subject to policy enforcement. It did not yet detail how that process will be handled, or whether it will halt app updates for those that are violators.
The company noted that its own apps will be required to share this same information and also a privacy policy.