Google is stepping its fight against unwanted and harmful applications on Android up and will soon alert users on apps and websites leading to apps that collect personal data without their consent.
Produced by Google Safe Browsing, the alerts will start popping up on Android devices in a couple of months, as part of expanded enforcement of Google’s Unwanted Software Policy, the Internet giant announced.
The expanded enforcement also covers applications handling personal user data, such as phone numbers or email, or device data, all of which will be required to inform users on their activities and “to provide their own privacy policy in the app.”
What’s more, Google is now requesting applications that collect and transmit personal data unrelated to the functionality of the app to “prominently highlight how the user data will be used and have the user provide affirmative consent for such use,” prior to performing the collection and transmission operations.
“These data collection requirements apply to all functions of the app. For example, during analytics and crash reporting, the list of installed packages unrelated to the app may not be transmitted from the device without prominent disclosure and affirmative consent,” Paul Stanton, Safe Browsing Team, explains in a blog post.
The Internet search provider is enforcing the new requirements to applications in both Google Play and non-Google Play app markets. The company also published guidelines for how Google Play apps should handle user data and provide disclosure.
The warnings might start appearing in late January 2018 on user devices via Google Play Protect or on webpages that lead to these apps.
Webmasters should refer to the Search Console for guidance on remediation and resolution of the warnings, while developers should refer to guidance in the Unwanted Software Help Center. Also, application builders can request app reviews.
More from Ionut Arghire
- Atlassian Warns of Critical Jira Service Management Vulnerability
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Malicious NPM, PyPI Packages Stealing User Information
- Boxx Insurance Raises $14.4 Million in Series B Funding
Latest News
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- China Says It’s Looking Into Report of Spy Balloon Over US
- GoAnywhere MFT Users Warned of Zero-Day Exploit
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
