In the wake of recently reported Android apps that collect data that is not required to run the app, Google is cracking down. Anyone who used the ai.type Keyboard app, which is 31 million users, probably already knows that the the app transmitted and stored personal data in direct contrast to their privacy policy. Individuals first and last names, plus their email address and contacts, were unsecured. Any cybercriminal could have found the information and used it to send legitimate looking phishing emails. There is no indication of a hack, or that the developer was selling the information, but a disaster could have ensued. The data is password protected now, but Android apps were getting a bad reputation compared to iOS apps.
Developers have 60 days to make sure that their apps comply with Google’s new privacy guidelines, which state that applications that wish to collect data that is not required for the app’s functionality, have to inform the person downloading the app what they intend to do with the data. Downloaders will have to agree before proceeding. Apps that want personal information will have to have a privacy policy as well. Developers who fail to comply will see their app disappear from the Google Play store.
While the ai.Type Keyboard app did say that it collected personal information, 31 million users did not appear upset that a keyboard app would want their contacts, since it is not a messaging application. People depend on Google Play to protect them from unsafe or malicious apps, but some slip through the cracks. Still, downloading non-Google Play Store apps is dangerous; Google does take down fake apps masquerading as popular apps quickly. Now Google is warning people about the danger of letting apps have unfettered access to their personal information and requiring privacy polices to state whether the developer shares or sells personal data.
