x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Google Play hands your personal info to each developer with every app purchase

Google Play hands your personal info to each developer with every app purchase

Posted: , by Maxwell R.

Tags:

Google Play hands your personal info to each developer with every app purchase
Since it appears to be by design, it would not be called a flaw, but a developer in Australia has found that he is not very comfortable being given all this information when someone downloads his app.

What Dan Nolan does not know is if this information is forwarded by Google to developers of free apps, but when he logged into his Google Play account to update payment details for his famed Australian app, “Paul Keating Insult Generator” (the iOS version of which made it to number 1 in the Australian App Store), he was surprised when he noticed that the merchant section of his account had the full name, address and email of every person that bought his app. Moreover, it even had the information of people that started to buy the app, but canceled the purchase.

Nolan believes that every person that purchased an app in Google Play is affected by this. Google’s terms of service clearly state that personal information is required to be provided, and that it will share address and personal information if you purchase a subscription to a magazine. That is understood since purchases involve being able to verify billing information and require sending a product to your home or place of business. Google’s privacy policy says what information is collected but does not detail how personal information is shared with developers after an app purchase. In fact, the only parts of personal data that are stated to require an opt-in are “sensitive personal information.”

This is the summary of activity page a developer sees. Image from DroidLife

This is the summary of activity page a developer sees. Image from DroidLife

Google’s definition of sensitive personal information is “a particular category of personal information relating to confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality.” Nolan says it is a sharp contrast from what he received from Apple for his iOS app, “just a quantity of sales in a Country and then a cheque three months later.”

For now, know that every time you purchase an app on Google Play, the developer of that app will receive your name (understandable), address (not understandable) and email (understandable). Google’s “Business and Program Policies” only state, “Don't publish other people's private and confidential information, such as credit card numbers, Social Security Numbers, driver's and other license numbers, or any other information that is not publicly accessible.”

However, Google’s payment terms for those that accept payments through Google Payment Corporation, specifically prohibit the seller from using a buyer’s information obtained through GPC. A developer may use any “approved” payment processor, but GPC is the “checkout” summary for the developer. When you see the checkout summaries, you can clearly see that it is a system designed for physical goods and services. Google’s Developer Distribution Policy does not explicitly state that personally identifiable information is shared with the developer and only has two ambiguous parts to section 9 of the distributor agreement.  It could be argued that an enterprising developer will find a way to monetize your information beyond the app purchase or, just a feasible, the distribution of information increases the risk of your personal information falling into the wrong hands.

This is the order detail page for an app purchase. Image from DroidLife

This is the order detail page for an app purchase. Image from DroidLife

While Google’s privacy policy has been the subject of much debate for some time, right or wrong, we contend that this specific practice is not an indicator of being a good steward with personal information. If physical goods were being ordered that is one thing, but since Google is the mediator over these Google Wallet transactions, it is Google that “needs” all the information.

What does this all mean to you? Everything done online has an inherent risk to it and we do not believe this is the end of the world, but lately it seems that Google is falling into a perpetual loop of privacy concerns.

sources: news.com.au, Dan Nolan and Droid Life

references: Google Play Terms of Service, Google Privacy Policy, Google Play Business and Program Policies, Google Developer Distribution Agreement, Google Payment Corp., Google Wallet Privacy Notice

75 Comments
  • Options
    Close




posted on 14 Feb 2013, 16:27 12

1. Ninetysix (Posts: 1574; Member since: 08 Oct 2012)


Bad Google..bad. Let's hear some comments from the loyal fandroids please.

This is going to be good /popcorn

posted on 14 Feb 2013, 16:29 11

3. Sniggly (Posts: 6951; Member since: 05 Dec 2009)


Nice job baiting there.

posted on 14 Feb 2013, 18:09 5

18. Mxyzptlk (limited) (Posts: 3510; Member since: 21 Apr 2012)


Reality of the truth isn't bait.

posted on 14 Feb 2013, 20:09 5

32. SamsungFan (Posts: 201; Member since: 16 Apr 2012)


Anyway Google is not tracking users as the rotten apple did... :-D

posted on 14 Feb 2013, 23:16 3

50. Mxyzptlk (limited) (Posts: 3510; Member since: 21 Apr 2012)


That was an issue blown out of proportions. This is way worse than that. Your address is being shared with developers whether you consent to it or not. Does that not bother you?

posted on 15 Feb 2013, 00:18 1

53. Nadr1212 (Posts: 741; Member since: 22 Sep 2012)


Stupidity is traveling among Google these days.

posted on 15 Feb 2013, 06:33 3

60. anywherehome (Posts: 971; Member since: 13 Dec 2011)


surprise: I give my personal info to every e-shop when I buy something!

or maybe should I give there fake name and delivery to Alaska?

and in Android I CAN put there fake name ;)

posted on 15 Feb 2013, 06:52

61. anywherehome (Posts: 971; Member since: 13 Dec 2011)


this is much much worse: very very poor iToys security:
goo [dot] gl/s8Ykw

posted on 14 Feb 2013, 18:02 4

14. joey_sfb (Posts: 2892; Member since: 29 Mar 2012)


Good that these is made known. Google do need to justify why delivery address is reveal to developer. It will open us to spam if the developer is a popular one and choose to do so.

posted on 14 Feb 2013, 18:09 6

17. Mxyzptlk (limited) (Posts: 3510; Member since: 21 Apr 2012)


This is getting ridiculous. Google is seriously starting to piss me off with how they handle users' private info. They shouldn't have escaped the FTCs probe with a slap on the wrist if they're doing this. I do not want my gf's info being given out every time she buys an app off the Play store.

posted on 14 Feb 2013, 22:12 3

42. Jonathan41 (Posts: 526; Member since: 22 Mar 2012)


How does it feel to get some thumbs up for a change? Your like the Fox News of phonearena right now. Trying scare everybody by exaggerating on something thats not really a big deal.

posted on 15 Feb 2013, 03:43 5

56. techtruth (Posts: 30; Member since: 07 Feb 2013)


YOU DON'T HAVE A GIRLFRIEND

posted on 16 Feb 2013, 23:52

69. Berzerk000 (Posts: 4000; Member since: 26 Jun 2011)


Come on, this is what happens with ANYTHING bought with any form of payment except for cash, and you can't buy apps with cash. This is by no means bringing harm to the consumers, and if it is, please show me something about Android users being harassed by a developer in some way with this information.

posted on 14 Feb 2013, 21:39

39. RaKithAPeiRiZ (Posts: 1339; Member since: 29 Dec 2011)


not a conspiracy theorist , but i smell that this is a very bad decision...too bad i get most of my apps in apk format

posted on 14 Feb 2013, 22:44 4

45. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


Funny...I get the same info about the developer....except a real name. Some cases I do. Whats the problem again?

Hey, do any of you have a credit card? Bank card? Ever buy something on Xbox Live, PSN?

Ever buy anything online?

Exactly.

Have a Paypal or Ebay account? Ever sold anything on Ebay? Ever used Paypal to buy or sell something?

Exactly.

Its called....a merchant...account. Geniuses.

posted on 15 Feb 2013, 00:21

54. Nadr1212 (Posts: 741; Member since: 22 Sep 2012)


And thi s is called VIRTUAL purchases that probably wont b delivered to your door, GENIUS!

posted on 15 Feb 2013, 06:21 2

58. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


If thats the case.......GENIUS....why do I get the developers address and email info...and in some cases their real name...in my transaction info?

Or did you NOT read the very first line in my post?

You must have never bought anything online before...its possible.

posted on 15 Feb 2013, 01:19

55. Topcat488 (Posts: 1141; Member since: 29 Sep 2012)


If you don't know by now, let it be known... Google has been rumored too be a illumi-nutty participant... And NWO New World Order... It's FREE, the App is FREE... Think about it, now install the App, and get in line. ^(T-T)^ Big Brothers Watching.

illuminate : illumi-nutty

posted on 14 Feb 2013, 16:29 10

2. Sniggly (Posts: 6951; Member since: 05 Dec 2009)


The question is: what can be done with this information? The answer: nothing explicitly harmful. I don't know why such information is provided to devs, but it's not like it's being publicized.

In short, I'm not fond of this action by Google, but it's not the worst thing I could hear about them.

posted on 14 Feb 2013, 16:33 8

7. lolioslol (banned) (Posts: 182; Member since: 10 Dec 2012)


Because people are f*cking retarded when it comes to their personal info. I have had people refuse to give me the last four of their soc so I can look at their acct to upgrade their phone/add a line/even just access it. It's like
"hey dipsh*t you gave us the info when you started the account, what's the problem? I couldn't do anything with that info if I wanted to, and f*ck you for the implication!"

posted on 14 Feb 2013, 17:40 6

13. UrbanPhantom (Posts: 949; Member since: 30 Oct 2012)


So, your information is being doled out to an infinite number of so called developers, some of which are probably not even legit, and you don't think it's a problem? I guess Android users are so accustomed to having their data stolen they don't get bothered anymore ;o)

posted on 14 Feb 2013, 18:20 4

20. Mxyzptlk (limited) (Posts: 3510; Member since: 21 Apr 2012)


+1 for the truth.

posted on 14 Feb 2013, 20:45 1

35. Droid_X_Doug (Posts: 5729; Member since: 22 Dec 2010)


The information is not doled out to all developers. Only those you have purchased an app from. Or visited their app page. If you don't want information shared while you are visiting a developers app page (but before purchasing), don't log into the Play store and use anonymous browsing.

posted on 14 Feb 2013, 18:11 4

19. Mxyzptlk (limited) (Posts: 3510; Member since: 21 Apr 2012)


Sniggly why do you continue to defend controversial actions like this? Have you forgotten how many rogue apps have made it into the Play Store? Imagine all of that personal info leaking out into the hands of a crook.

They only need a few pieces to commit fraud.

You need to see past your preference to Google and see the huge wrong here.

posted on 14 Feb 2013, 18:32 3

22. samystic (Posts: 190; Member since: 25 Mar 2012)


so much for 100000+ apps bragging by fandroids... most of them are rogue and useless

posted on 14 Feb 2013, 19:05 2

25. VZWuser76 (Posts: 1352; Member since: 04 Mar 2010)


Have any proof to back up that claim? I'm not saying Google is in the right here, far from it. But as someone else said, it's not any different than any other time you buy something over the phone or internet with your credit card. They may have a reputation to maintain, but that doesn't mean they can't or won't do it. Hell, all it would take is one disgruntled employee who takes down your number and your bank account is lower.

But to make a claim that most apps on the play store are rogue is baseless. Are there some that are? Sure, but does that mean that most are? I don't know and neither do you. If you were to make baseless claims like that about a group of people, it's called slander.

While I don't like that they're doing this, the only ways to effect change would be to 1. Not buy apps, 2. Start a petition, or 3. Contact the BBB or your elected officials. And if you think that Google is the only company doing this, your in denial. Along with them are Facebook, Amazon, Microsoft, & even Apple. The amount of info they have may vary, as is the amount they share. But if you were able to determine what they actually have on you, you'd be surprised, and probably frightened and angry as well.

posted on 14 Feb 2013, 19:16 4

26. VZWuser76 (Posts: 1352; Member since: 04 Mar 2010)


Here is a screenshot of what the developer receives when someone buys their app. As you can see, it's no different than what any merchant would get when you purchase over the internet. And as someone else in that comment section said, the only anonymous way to buy anymore is with cash. If you use a check, money order, credit card, bank transfer, etc., they will have at least that amount of info. Even using paypal, they still get your name, address (to ship the product to), and your email. So if this really turns you away from dealing with Google, you better only purchase your stuff with cash in a physical store.

Here's the screenshot:

https://securecdn.disqus.com/uploads/mediaembed/images/434/1587/original.jpg

posted on 14 Feb 2013, 22:47 1

46. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


EXACTLY!!!.

How do ppl that buy things online think its done, magic fairy dust?

Do they somehow thing iOS devs ...dont...hve access to the same info? Either the iOS devs do....or Apple does...one or the other.

posted on 14 Feb 2013, 22:55

47. samystic (Posts: 190; Member since: 25 Mar 2012)


rogue??? please read the news again... and i m not selectively mentioning anything

useless??? please generate a list of 10 apps that are required everyday (irrespective whether you have internet connection or no)... i do not consider games as apps... so please deduct 50% from that list

posted on 14 Feb 2013, 23:43 1

52. VZWuser76 (Posts: 1352; Member since: 04 Mar 2010)


You called the apps rogue in your comment, saying that most of the apps in the playstore were "rogue and useless". When I said baseless (not useless), I meant that you had no proof of your claim that MOST of the apps are rogue and useless.

As far as the apps being useful or not is irrelevant. What's useful to you may not be to me, and vice versa. In reality, NO apps in ANY app store (Google's, Apple's, Microsoft's, Blackberry's, etc.) are NECESSARY for everyday. That implies that a person can't survive the day without them. And there is not a SINGLE app that will mean someone dying if they don't use it.

ALL I was saying was that you had no proof of your claims. It would be no different than me saying that most people from New York are rude. I can make the claim but I have no proof that it's true. Unless you can show me facts that say that over 50% of Play Store apps are rogue, you are making a baseless claim. Anything else is your opinion, which like a**holes, everyone has one.

posted on 14 Feb 2013, 19:49

30. D_Tech-tive (Posts: 104; Member since: 12 Feb 2012)


Most are the same apps on Apple but at least most we don't have to pay for.

If most were rogue or useless there wouldn't be no Android Eco system you see today which covers more phones and people than Apple.

Android fans don't just accept stuff like Ifollowers cause Apple says so.

My apps work fine! Now I have come across some that didn't work properly but that happens when you have so many different phones with different specs using the same software.

Not a problem for Apple since choice is VERY limited to say the least!

posted on 14 Feb 2013, 19:01 4

24. Sniggly (Posts: 6951; Member since: 05 Dec 2009)


Did I defend the move? No I didn't. I just noted that the danger is relatively minimal.

posted on 14 Feb 2013, 19:22 1

27. Mxyzptlk (limited) (Posts: 3510; Member since: 21 Apr 2012)


I detect a hint of denial in your comment.

posted on 14 Feb 2013, 19:34 4

28. Sniggly (Posts: 6951; Member since: 05 Dec 2009)


And I detect hypocrisy in yours.

posted on 14 Feb 2013, 21:39

38. Mxyzptlk (limited) (Posts: 3510; Member since: 21 Apr 2012)


I detect backtracking in yours.

posted on 14 Feb 2013, 22:13

43. Jonathan41 (Posts: 526; Member since: 22 Mar 2012)


I'm scared for my life...

posted on 15 Feb 2013, 03:46

57. techtruth (Posts: 30; Member since: 07 Feb 2013)


LOOOL

posted on 14 Feb 2013, 16:32 4

4. dsDoan (Posts: 216; Member since: 28 Dec 2011)


I don't know why devs are sent this info, but if you gave permission when you agreed to the ToS, then Google hasn't done anything wrong.

posted on 14 Feb 2013, 18:46 2

23. NexusKoolaid (Posts: 293; Member since: 24 Oct 2011)


Illegal and wrong are two different things. The ToS gives them legal protection, but still doesn't make this a good idea.

posted on 20 Feb 2013, 15:28

74. donked (Posts: 4; Member since: 20 Feb 2013)


They have to be able to provide proof of purchase. No different than paypal.

posted on 14 Feb 2013, 16:33 5

5. Android4u (Posts: 456; Member since: 16 Aug 2012)


Love Google, but never been a fan of their privacy policy

posted on 14 Feb 2013, 16:33 2

6. Tele7 (Posts: 47; Member since: 12 Dec 2012)


Since the apps always warn about what it can use from the personal datas, I don't care what else the developer get. What can they do? Nothing big, why would a developer mess with my, little ant citizen's information anyway?

posted on 14 Feb 2013, 16:45

8. Cha7520 (Posts: 210; Member since: 31 Oct 2010)


hmmm.....interesting

posted on 14 Feb 2013, 20:37 2

34. joey_sfb (Posts: 2892; Member since: 29 Mar 2012)


Do you see what i see? Apple fan boys in full force. Most of them might not use Android device to begin with.

posted on 14 Feb 2013, 16:50 2

9. appanji (Posts: 4; Member since: 15 Dec 2012)


thanks to illegal apps, so google can kizz my azz getting my info, all my apps and downloaded outside :), so as long as u dont pay for the apps, ur info is safe.. NICE !!!

posted on 14 Feb 2013, 18:06 1

15. joey_sfb (Posts: 2892; Member since: 29 Mar 2012)


Yup! Good luck to you, that how 99% of android device get infected by malware.

Besides, those information is hardly detail enough compare to your stealing everything about you through a trojan horse

posted on 14 Feb 2013, 17:03 2

10. jdubis (Posts: 14; Member since: 15 Jan 2012)


Its for legal reasons. This information is needed in the event of a lawsuit or patent infringment case. For example look at instagram.

posted on 14 Feb 2013, 17:12 4

11. Owlet (Posts: 446; Member since: 21 Feb 2011)


You know what, when I go and buy something in a store, they have A LOT more information about me than just my name and email. They have my credit card numbers, my address, my name, my telephone number, depending on what I buy, they also have my SS number.
Maybe we're being a little overexcited here?

posted on 14 Feb 2013, 17:32 2

12. UrbanPhantom (Posts: 949; Member since: 30 Oct 2012)


Nice comparison, but not quite, as the majority of companies have something called a reputation to protect. Small time developers are not exactly a trusted source, comprende? Scrawl your personal info and credit card numbers on the seat of a city transit bus, and then you'll begin to understand..

posted on 14 Feb 2013, 18:08 3

16. joey_sfb (Posts: 2892; Member since: 29 Mar 2012)


The screen shot does not show credit card information to developers. Are you sure about what you are saying?

posted on 14 Feb 2013, 23:15 1

49. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


Yea....it never said credit card info. Another example of this guy....not posting facts..but posting...something else.

The article said name, address, and email address.

posted on 14 Feb 2013, 18:29 2

21. samystic (Posts: 190; Member since: 25 Mar 2012)


privacy does not exist in Google's dictionary

posted on 14 Feb 2013, 19:48 1

29. jacko1977 (Posts: 388; Member since: 11 Feb 2012)


i dont see anything wrong ? can someone point out where the problems are ?

posted on 14 Feb 2013, 20:05

31. UrbanPhantom (Posts: 949; Member since: 30 Oct 2012)


Relax: there is no problem! Now please excuse me while I use your name, addy, and banking info to distribute fake cheques ;o)

posted on 14 Feb 2013, 22:57 1

48. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


If people are paranoid of people having name, addy and banking info from purchases from your smartphone or website....they better not buy anything online.

Better not buy anything from iTunes...or buy iOS games. No matter what OS or platform you use, desktop or mobile.....there is a chance for wrong doing with your info.

posted on 14 Feb 2013, 23:17

51. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


Btw....this article is about name, address and email adress. Not credit info, Not banking info.

Nice try trying to add extra fuel to the article tho.

posted on 15 Feb 2013, 11:23

65. UrbanPhantom (Posts: 949; Member since: 30 Oct 2012)


The reality is that Android is inherently insecure, and personal data is being hijacked and stolen on a regular basis without the knowledge of the victims...

The only fuel being added is by diehard Android fans attempting to defend irresponsible or negligent actions by Google and individual Android developers.

posted on 15 Feb 2013, 17:13

68. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


So....every body that uses Ebay and pay pal...are irresponsible?

I suggest you sell something on Ebay...and try to have this conversation again. I'm pretty sure there are ways Google can take the necessary steps in case any wrong doing happens...just like with Ebay. You can put your bank and credit card info in a site you think is fine....only to have fraud happen.

But thanks for being concerned about Android users... :/

posted on 20 Feb 2013, 15:25

73. donked (Posts: 4; Member since: 20 Feb 2013)


Your point is that SE linux is insecure? Is that where you're going with this? Is it any less than secure than having your iPhone decrypt itself? Or how about the program that decrypts iCloud information? Is that less secure?

Users make the devices insecure. And as far as I know both apple and android both have users. And to a large extent the applications are the same across both platforms.

posted on 20 Feb 2013, 15:21

72. donked (Posts: 4; Member since: 20 Feb 2013)


You're using Google wallet when you purchase through the Play store. Which in turn creates a virtual cc number. Nice try though. Even if they wanted to try and rip you off they wouldn't be able to. On top of which CC info is not delivered, only enough information to show proof of sale. This is no different than paypal. Not even in the slightest. What's even more interesting about these apple fanboys is that they troll posts like this when they bought their macbook on ebay, using paypal, because the industry standard hardware was to too expensive to buy new. Congrats even account on ebay definitely has a reputation to uphold, certainly wouldn't be ANY malice there.

Want to comment? Please login or register.

Latest stories