Google Play hands your personal info to each developer with every app purchase

Google Play hands your personal info to each developer with every app purchase
Since it appears to be by design, it would not be called a flaw, but a developer in Australia has found that he is not very comfortable being given all this information when someone downloads his app.

What Dan Nolan does not know is if this information is forwarded by Google to developers of free apps, but when he logged into his Google Play account to update payment details for his famed Australian app, “Paul Keating Insult Generator” (the iOS version of which made it to number 1 in the Australian App Store), he was surprised when he noticed that the merchant section of his account had the full name, address and email of every person that bought his app. Moreover, it even had the information of people that started to buy the app, but canceled the purchase.

Nolan believes that every person that purchased an app in Google Play is affected by this. Google’s terms of service clearly state that personal information is required to be provided, and that it will share address and personal information if you purchase a subscription to a magazine. That is understood since purchases involve being able to verify billing information and require sending a product to your home or place of business. Google’s privacy policy says what information is collected but does not detail how personal information is shared with developers after an app purchase. In fact, the only parts of personal data that are stated to require an opt-in are “sensitive personal information.”

Google’s definition of sensitive personal information is “a particular category of personal information relating to confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality.” Nolan says it is a sharp contrast from what he received from Apple for his iOS app, “just a quantity of sales in a Country and then a cheque three months later.”

For now, know that every time you purchase an app on Google Play, the developer of that app will receive your name (understandable), address (not understandable) and email (understandable). Google’s “Business and Program Policies” only state, “Don't publish other people's private and confidential information, such as credit card numbers, Social Security Numbers, driver's and other license numbers, or any other information that is not publicly accessible.”

However, Google’s payment terms for those that accept payments through Google Payment Corporation, specifically prohibit the seller from using a buyer’s information obtained through GPC. A developer may use any “approved” payment processor, but GPC is the “checkout” summary for the developer. When you see the checkout summaries, you can clearly see that it is a system designed for physical goods and services. Google’s Developer Distribution Policy does not explicitly state that personally identifiable information is shared with the developer and only has two ambiguous parts to section 9 of the distributor agreement.  It could be argued that an enterprising developer will find a way to monetize your information beyond the app purchase or, just a feasible, the distribution of information increases the risk of your personal information falling into the wrong hands.

While Google’s privacy policy has been the subject of much debate for some time, right or wrong, we contend that this specific practice is not an indicator of being a good steward with personal information. If physical goods were being ordered that is one thing, but since Google is the mediator over these Google Wallet transactions, it is Google that “needs” all the information.

Recommended Stories
What does this all mean to you? Everything done online has an inherent risk to it and we do not believe this is the end of the world, but lately it seems that Google is falling into a perpetual loop of privacy concerns.

sources:, Dan Nolan and Droid Life

references: Google Play Terms of Service, Google Privacy Policy, Google Play Business and Program Policies, Google Developer Distribution Agreement, Google Payment Corp., Google Wallet Privacy Notice

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless