Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Google to Warn Android Users on Apps Collecting Data

Google is stepping its fight against unwanted and harmful applications on Android up and will soon alert users on apps and websites leading to apps that collect personal data without their consent.

Google is stepping its fight against unwanted and harmful applications on Android up and will soon alert users on apps and websites leading to apps that collect personal data without their consent.

Produced by Google Safe Browsing, the alerts will start popping up on Android devices in a couple of months, as part of expanded enforcement of Google’s Unwanted Software Policy, the Internet giant announced.

The expanded enforcement also covers applications handling personal user data, such as phone numbers or email, or device data, all of which will be required to inform users on their activities and “to provide their own privacy policy in the app.”

What’s more, Google is now requesting applications that collect and transmit personal data unrelated to the functionality of the app to “prominently highlight how the user data will be used and have the user provide affirmative consent for such use,” prior to performing the collection and transmission operations.

“These data collection requirements apply to all functions of the app. For example, during analytics and crash reporting, the list of installed packages unrelated to the app may not be transmitted from the device without prominent disclosure and affirmative consent,” Paul Stanton, Safe Browsing Team, explains in a blog post.

The Internet search provider is enforcing the new requirements to applications in both Google Play and non-Google Play app markets. The company also published guidelines for how Google Play apps should handle user data and provide disclosure.

The warnings might start appearing in late January 2018 on user devices via Google Play Protect or on webpages that lead to these apps.

Webmasters should refer to the Search Console for guidance on remediation and resolution of the warnings, while developers should refer to guidance in the Unwanted Software Help Center. Also, application builders can request app reviews.

Related: Google Rolls-Out Play Protect Services for Android

Related: Google Tightens OAuth Rules to Combat Phishing

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...