Google is introducing significant changes to how it enforces its Unwanted Software Policy, which should result in better privacy and transparency for the world's two billion Android users.
Google is giving developers two months to ensure their apps don't deviate from its Unwanted Software policy. If an app continues to stray from the policy, users are likely to see its Safe Browsing full-page warnings, which will probably drive users away from the offending software.
The crackdown is a new effort to combat malicious and harmful Android apps and will apply to software distributed through the Play Store as well as third-party Android app markets.
The Safe Browsing warnings will appear "on apps and on websites leading to apps that collect a user's personal data without their consent", Google said on its security blog.
In other words, the warnings may be applied to sites and software that promote the apps that violate its policy, as well as the offending apps themselves.
Developers will also need to offer a way for users to give their "affirmative consent" if an app collects and transmits personal data that's unrelated to the functionality of the app. The app also needs to prominently explain how user data will be used.
"These data collection requirements apply to all functions of the app. For example, during analytics and crash reporting, the list of installed packages unrelated to the app may not be transmitted from the device without prominent disclosure and affirmative consent," Google said.
The changes reflect an update in August to the Personal and Sensitive Information section of Google's Developer Policy Center. The amended policy introduced a requirement for an app to provide prominent disclosure if it collects and transmits personal user data which is unrelated to the app's main functionality, as described in its Play Store listing.
The section covers requirements for how an in-app data-usage disclosure must be displayed and how the app needs to request user consent. For example, the in-app disclosure must be shown within the app itself and not just the Play Store listing or on a website.
The affirmative consent request dialog needs to be presented in a clear and unambiguous way. To gain consent, the user will need to tap to accept or tick a check-box.
Google notes that two common violations are when an app doesn't treat a user's installed apps as personal or sensitive user data and when an app doesn't treat the user's phone or contact book as personal data. The apps will be considered to violate Google's policy if they don't follow the rules for prominent disclosure.
Websites owners that attract a Safe Browsing warning will need to follow the usual processes in the Search Console if they want to resolve the warnings. App developers caught by the new Safe Browsing warnings can request an app review on the App Verifications and Appeals support page.
Previous and related coverage
An analysis of hijacked websites suggests Google's Safe Browsing technology is only warning users about a small proportion of them.
In October, Google will begin phase two of its plan to label all HTTP pages as non-secure.
Read more on Android
- Google says these are the best Android apps of 2017 but do you agree?
- Google's Datally: New free Android tool stops greedy apps eating up all your data
- Android security: Sneaky three-stage malware found in Google Play store
- Android security: Google cracks down on apps that want to use accessibility services
- Android phones still track you when location services are off (CNET)
- What Fuchsia could mean for Android (ZDNet)