Tag: App
30. August 2021
The developer of the popular app “Angry Birds” is currently under investigation by the New Mexican Attorney General.
On August 25, 2021, New Mexico Attorney General Hector Balderas filed charges against Rovio Entertainment. The company is alleged to have violated the federal Children’s Online Privacy Protection Act (COPPA) and to have intentionally collected the data of players under the age of 13. One of the accusations is that the data was processed for commercial purposes.
COPPA requires app developers to inform parents of children of the appropriate age about their data collection practices. Further, it is required to obtain parental consent for the collection of personal data from children under 13 and to properly record that consent.
The Attorney General’s complaint alleges that children’s data was disclosed to third parties for the purpose of targeted advertising. The data is analyzed, vermacred to third parties, and from then on is also available to an even wider circle of interests. The Angry Bird developer is also said to have failed to obtain parental consent and to have proclaimed it. The privacy policy was also said to be misleading. The company however stated that the Angry Birds app was not for children. Nevertheless, according to the authorities the developers are aware that the application is downloaded and played by a young audience in particular. Even in the event that the privacy policy is not specifically marketed to minors, however, the company must take measures under COPPA to minimize the risk to children.
The procedure may entail civil penalties, restitution, and other relief.
Children’s data also receive special protection within the EU. According to Art. 8 of the GDPR, this protection even applies up to the age of 16. However, the state legislators are free to set this limit at the age of 13.
20. August 2021
On the Android Developers Blog, Google has announced further details for the upcoming new safety section in its Play Store. It aims at presenting the security of the offered apps in a simple way to give users a deeper insight into privacy and security practices of the developers. This should allow users to see what data the app may be collecting and why, even before the installation. In order to achieve this, apps in the Google Play Store will be required to publish the corresponding information in the safety section.
The new summary will be displayed to users on an app’s store listing page. It is intended to highlight details such as:
- What type of data is collected and shared, e.g. location, contacts, name, email address, financial information,
- How the data will be used, e.g. for app functionality or personalization,
- Whether the data collection is optional or mandatory for the use of an app,
- Security practices, e.g. data encryption,
- Compliance with the family policy,
- Validation from an independent source against a global security standard.
To support the safety section, policy changes are being made which should lead to more transparency to users. Thus, all developers will be required to provide a privacy notice. Previously, only apps that collected personal and sensitive user data had to do so. The innovation applies to all apps published on Google Play, including Google’s own apps.
Developers will be able to submit information to the Google Play Console for review in October. However, by April 2022 at the latest, the safety section must be approved for their apps. The reason for this is that the new section is scheduled to be rolled out and visible to users in Q1 2022.
Aside from sharing additional information for developers on how to get prepared, Google has also assured that more guidance will be released over the next few months.
25. May 2021
In a blog post published on May 6th, 2021, by Suzanne Frey, VP, Product, Android Security and Privacy, Google announced a new policy that will require developers to provide more privacy and security information about their apps. These details will be made available to users in a new “safety section” in the Google Play Store starting in 2022. The announcement comes a few months after Apple began displaying similar privacy information in their App Store.
The new “safety section” will require Android app developers to explain what kind of data is collected by their apps. For example, whether the app collects personal information, such as name, username or email and whether it collects information directly from the phone, such as approximate or exact location, contacts, media (photos, videos, audio files). Developers must also disclose how the app uses the data. For example, to improve app functionality and personalization. The section will also include information about security features, such as encryption and compliance with Google’s policy for apps aimed at children and families.
The new policy won’t be in effect for a few months in order to give developers enough time to implement the changes. Developers can begin declaring the new information in the fourth quarter of 2021. Users will be able to see the information on Google Play starting in the first quarter of 2022, and all new and existing apps will have to declare the information starting in the second quarter of 2022.
The changes seem designed to allow app developers to better explain to customers whether they can trust an app with their data, rather than working to make apps more data-efficient.
13. January 2021
Already announced in Apples Worldwide Developers Conference last June a new privacy feature for Apple’s App Store has now been launched with iOs 14.3 (we reported). Originally iOs 14 should have had these update, but based on critic of app developers and big tech giants the launch has been postponed to give the concerned persons and companies more time to be prepared for the changes.
The update requires the App providers to answer several questions regarding data privacy. The requirement to answer the questions only apply in case an app is uploaded to the App Store for the first time or in case an update is published by the App provider. So at this point, not many apps come up with this additional information. However, Apple’s own apps and for example the Facebook Messenger have already been updated regarding this information.
The process is as follows: In the course of uploading an app or update the provider must answer questions regarding inter alia which categories of personal data are collected by the app or third parties within the app, if the data is used to track the user and with which data sources and other data the obtained data is linked. The inserted information is afterwards displayed in the App Store below the rating of the app.
According to Apple, the goal is that the information in the App Store should make it easier for the user to know what the privacy status of an app is. However, it should be noted that the information is based solely on the (voluntary) information provided by the provider and is not verified by Apple.
12. February 2019
After TechCrunch initiated investigations that revealed that numerous apps were recording screen usage, Apple called on app developers to remove or at least disclose the screen recording code.
TechCrunch’s investigation revealed that many large companies commission Glassbox, a customer experience analytics firm, to be able to view their users’ screens and thus follow and track keyboard entries and understand in which way the user uses the app. It turned out that during the replay of the session some fields that should have been masked were not masked, so that certain sensitive data, like passport numbers and credit card numbers, could be seen. Furthermore, none of the apps examined informed their users that the screen was being recorded while using the app. Therefore, no specific consent was obtained nor was any reference made to screen recording in the apps’ privacy policy.
Based on these findings, Apple immediately asked the app developers to remove or properly disclose the analytics code that enables them to record screen usage. Apples App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity. In addition, Apple expressly prohibits the covert recording without the consent of the app users.
According to TechCrunch, Apple has already pointed out to some app developers that they have broken Apple’s rules. One was even explicitly asked to remove the code from the app, pointing to the Apple Store Guidelines. The developer was given less than a day to do so. Otherwise, Apple would remove the app from the App Store.
14. February 2017
Last week Google contacted millions of app developers informing them about their apps’ violation of Google’s User Data policy.
According to this policy, apps which handle personal or sensitive user data must post a privacy policy in the designated field in the Play Developer Console, as well as within the app itself and handle the user data securely, for example by using cryptography for transmitting them.
Millions of apps handling with personal data do not have a privacy policy and thus do not contribute to providing a clear and transparent experience for Play Store users. Google set a time limit of 5 weeks, until March 15 this year for the apps to comply with the User Data policy. Either the developers shall include a link to a valid privacy policy or remove any requests for sensitive permissions or user data. Otherwise Google might limit the visibility of those apps or even remove them from its Google Play Store.
