Google Play privacy slip-up sends app buyers' personal details to developers

Google Play privacy slip-up sends app buyers' personal details to developers

Summary: Google is sending user name, email and suburb details to Android developers without asking for permission, according to an Australian app developer.

SHARE:
TOPICS: Google, Android, Apps, Privacy
35

Without asking permission, Google sends developers the personal details of everyone who buys their app from Google Play.

According to Australian developer Dan Nolan, Google sends him the name, suburb and email address of consumers that his app — enough to "track down and harass users who left negative reviews". 

Nolan discovered the trove of customer data on his "merchant account" recently while updating his seller payment details.

Logo of app for the sharp-tongued former Aussie PM, Paul Keating
Logo of app for the sharp-tongued former Aussie PM, Paul Keating. Credit: Synthetica Pty Ltd

The main problem is that Google is not asking explicit permission from buyers to share that information with developers, Nolan said. "This is a massive oversight by Google. Under no circumstances should I be able to get the information of the people who are buying my apps unless they opt into it and it's made crystal clear to them that I'm getting this information," Nolan posted on his blog on Tuesday.

"This is a massive, massive privacy issue Google. Fix it. Immediately," he added.

The Android app that is providing Nolan with Google Play customer details is the Paul Keating Insult Generator, an app that spits slander in a style the former Australian Labor Prime Minister is famous for. One of many Keating insults was his take on former opponent John Hewson: "He's like a shiver waiting for a spine."

Nolan told news.com.au he wasn't sure whether Google also gave out customer details to developers of free apps, but added that the same practice for paid apps was applied globally. By contrast, Nolan noted that Apple only sent the quantity of sales in each country to developers.

"If you bought the app on Google Play (even if you cancelled the order), I have your email address, your suburb, and in many instances your full name," said Nolan.

Google had not responded to a request for comment at the time of publishing this article.

The Terms of Service document for Google Play do not mention the practice of sharing details with developers of purchased apps. However, it does note that email and address details can be shared with magazine publishers.

The "how we use information we collect" section of its broader Privacy Statement notes that Google shares user information between Google services, excluding Double-Click, and that it "will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy."

ZDNet is awaiting responses from other Android developers.

Topics: Google, Android, Apps, Privacy

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

35 comments
Log in or register to join the discussion
  • Oops

    I'm lucky I never bought anything from Google Play. I prefer free (even if ad-supported) applications.
    statuskwo5
    • User permission or not

      They send your info to CIA / NSA nonetheless.
      LBiege
      • .

        Oh I realize that, but then again every company does this when the government comes a- knockin'. I'm just glad my info wasn't sent out to developers.
        statuskwo5
        • It's not clear if "free" apps are exempt..

          Generally, in transactional situations like this, a free app just means a $0.00 sale. And a free app's price can change to be non-free in the future, yet you're still granted a license to that app since you got it when it was free.

          I suspect it is registered as a SALE nonetheless. So I would not be surprised if free apps were treated the same as purchased in this regard. The only real difference from a processing point of view is the amount of money to collect from the buyer.
          PolymorphicNinja
          • .

            Good point. :-(
            statuskwo5
          • wrong!

            free apps do not appear in merchant account, no information on free app purchases is shared and free apps can NOT be converted to paid app for exactly this reason
            http://support.google.com/googleplay/android-developer/answer/138412

            the whole article is BS, there is nothing new or wrong with customers sharing their private information with the seller when buying stuff online at an online merchant market
            finik
          • Sharing data with online merchant

            There is a difference in trust between Amazon.com and BestBuy.com versus some unknow dev in say Russia or China.
            khurtwilliams@...
    • Nothing in or Around Google is Private

      To think otherwise is foolish
      Panwo1@...
  • Google Play privacy slip-up sends app buyers' personal details to developer

    Can't see how anyone can trust Google. Not only do they take your privacy away now they are giving it to the app developers. I would drop them as quickly as possible if I were you.
    Loverock-Davidson
    • and again.. our pet microsoft shill appears.

      Keep on keeping on bud.
      frankieh
    • sarcastic comment ahead.

      Because microsoft has always had your best interests at heart and has never been in privacy hotwater or committed illegal activities..

      Lol ..hhahhjhajhajjh loverock you crack me up bud.
      frankieh
      • Google is a different kind of animal

        Indeed, Microsoft in the past was a very agressive company but they got burned (the government stepped in, fined them big time and removed Gates from the company).

        The problem with Google is that nobody seems to be able to stop them; they have been accussed many times (in the US and Europe), have gotten some ridiculous fines (petty cash for them), and sometimes, just a slap on their hands and that's it. That's why Google is so daring and has no respect for people's personal data.
        OpinadorObjetivo
  • People use their real info?

    Do you mean to tell me people are dumb enough to put in a email they actually use and a real spelling of their name when they sign up for services that don't require the correct info? It's true - you can't fix stupid.
    SpatsTriptiphan
    • A cell phone is a very personal thing

      It's not unreasonable for users to use their "real" Google account when they set up their Android handset.

      Besides that, once you've purchased something via credit card from a "fake" account, you've attached your real identity to it in some capacity.

      What it comes down to is.. Whether you use your real account or some fake account, Google really shouldn't be sharing that data with developers unless the account holder opts in on it.
      PolymorphicNinja
  • "Slip up"?

    Is that like the wifi snooping "slip up", or the "we forgot to delete that data" slip up, or...
    William Farrel
    • you should say something pro google or anti microsoft sometimes.

      It might hide your microsoft shill/fanboi status from newbs that don't know any better.
      frankieh
  • Jumping onthe Bandwagon

    Hold On, folks. No one has the Full story yet. It could be that The Goog slipped up. It could be a disgruntled Dev (I have yet to see Any Other public info with the same story). It "could" be a plant from a competitor to gain market share, a Soviet Spy, a Zombie Nazi. It Could be ..... I realize this is a comment section but before the revolution starts, let's hear the whole story. (it Is tempting to stretch the imagination tho).
    liveTexas
    • Zombie Nazis

      That is my guess too
      Panwo1@...
    • It's been like this forever

      Actually, ever since my first paid app, I've always seen every purchaser's information. That was about a year ago. I've never thought anything of it. In reality, my merchant account shows me the same information that I would have if I was a retail store, because that's exactly what I am as a seller of an app. No one gets mad at the local grocery store because they have information on the credit card transactions that occurred at their store.
      Javid Pack
  • Not True, all users are asked to permit info to be shared

    See Link: http://paidcontent.org/2012/02/16/419-google-android-wont-share-personal-info-with-apps-unless-you-let-it/
    Texas2013