Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Store Sends User Information To App Developers

Posted by timothy on from the always-the-first-to-know dept.

Several readers have passed on news of a privacy hole in the Google app store. Reader Strudelkugel writes with the news.com.au version, excerpting: "Every time you purchase an app on Google Play, your name, address and email is passed on to the developer, it has been revealed today. The 'flaw' — which appears to be by design — was discovered this morning by Sydney app developer Dan Nolan who told news.com.au that he was uncomfortable being the custodian of this information and that there was no reason for any developer to have this information at their finger tips."

80 of 269 comments (clear)

  1. "Flaw"? by elephant_hunter · · Score: 5, Insightful

    Today I learned that app developers don't deserve to be treated like real merchants

    1. Re:"Flaw"? by Anonymous Coward · · Score: 5, Insightful

      Hey, go build your app store and sell your apps...until you do no...your not a merchant...your a supplier. Google App store is the merchant.

      You seem to not understand your role here. You are not the making the sale. Google is. You simply getting your book/album/software distributed by a merchant. /really is that simple

    2. Re:"Flaw"? by CanHasDIY · · Score: 2, Informative

      Today I learned that app developers don't deserve to be treated like real merchants

      They aren't - Google Play is the merchant, the developers are the manufacturers.

      Personally, I'd rather not have my contact information sent to the manufacturer of every product I buy.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    3. Re:"Flaw"? by dagamer34 · · Score: 5, Informative

      If this were the iOS or Windows Phone stores, then yes, that would be true. But with Google Play, the developer actually IS the merchant. The Play Store itself is only an intermediary. The system is setup like any other online store where there are "ordered" and goods are "shipped". Blame the fact that Google basically grafted the paid Android store onto a system that was meant for real-world goods. Honestly though, this isn't news. Every Android developer has known this for YEARS. And this is no different than any other online store out there.

    4. Re:"Flaw"? by elephant_hunter · · Score: 5, Insightful

      Hey, go build your app store and sell your apps...until you do no...your not a merchant...your a supplier. Google App store is the merchant.

      You seem to not understand your role here. You are not the making the sale. Google is. You simply getting your book/album/software distributed by a merchant. /really is that simple

      Does that mean that people who sell apps on Amazon or eBay aren't merchants either?

      You're the one who seems not to understand. The middle man doesn't matter. If I am making a transaction with a customer, I am a merchant.

    5. Re:"Flaw"? by Anonymous Coward · · Score: 3, Informative

      I would like to get data from iOS sales too!

      Speaking as an iOS user, I don't want you spamming me.

    6. Re:"Flaw"? by gstoddart · · Score: 4, Insightful

      Today I learned that app developers don't deserve to be treated like real merchants

      If you buy ketchup at a grocery store, do they send your personal information to Heinz?

      Of course they don't.

      The app developers don't need to know anything more than how much they get paid. And in some cases, if Google is doing this -- it would be considered illegal.

      This is just colossal stupidity, there's no reason those companies should be getting any of this information.

      --
      Lost at C:>. Found at C.
    7. Re:"Flaw"? by node+3 · · Score: 4, Insightful

      Coke doesn't get my name when I buy their products in a store or at a restaurant. Levi doesn't either. Nor does Adobe when I buy their software at Best Buy. Or Lenovo or Microsoft or Sony. Neither does Rovio when I buy their apps on the App Store.

      The problem here is that Google really doesn't care at all about privacy. It's not part of their corporate culture, and it can't be, when their entire business model is centered around exploiting data, not protecting it. Primary to any Google service is Google's wholesale commercial access to every bit of data you provide. Privacy is then applied secondarily, usually in the sense of keeping the personal data within Google's proprietary control, and only releasing aggregated and somewhat anonymized data to third parties, but that's just an afterthought. It's window dressing to make the initial privacy violation more digestible. Which for most of us here, it is... up to a point.

      There are many things to like about Google, and I'm sure many here will (quite hypocritically) give up privacy in order to keep using the things they do like. I have no problem with this tradeoff if made knowingly, though it is annoying to hear people harp on with Benjamin Franklin quotes, then sell him down the river as fits their fancies.

      It's things like this which makes Apple's system so appealing for many. With Apple, you can trust that your privacy is an inherent part of the system. With Google, you privacy is inherently compromised from the get-go. Even MS is miles ahead of Google with regards to privacy, and MS has historically been one of the most cynically profit-driven companies to ever exist!

      Anyway, to your point, the developers already have my money. That's all they deserve from the transaction. If they want my name, email address, and location, they can ask for it. And if I'm willing to grant it, they can have it. Otherwise, they'll just have to settle for my money, which should be more than sufficient. If it's not, they can raise their prices, as I'd much rather pay up front for the things I use, rather than be on the hook with hidden costs that, unlike my checkbook, are often out of my control.

    8. Re:"Flaw"? by CanHasDIY · · Score: 2

      This! I've sold software on Google Checkout/Wallet since day one, and always expect/demand customers data.

      What apps? I want to make sure I don't fuck up and give a scammer my personal info by accidentally buying one.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    9. Re:"Flaw"? by daniel78 · · Score: 5, Informative

      This is simply not true. Stupid as it may seem, Google has set up the Play store so that they are merely the "card processor". I agree that it seems a bit of a stretch, but that's the way it is. As such, the app developer really is the merchant. That's why you get receipts (via google checkout) from Joe Bloggs LLC rather than from Google itself.

    10. Re:"Flaw"? by node+3 · · Score: 4, Insightful

      If this were the iOS or Windows Phone stores, then yes, that would be true. But with Google Play, the developer actually IS the merchant.

      The problem here is that it's not presented that way. The Play Store appears, to the customer, exactly like any other storefront. If it's really more like a flea market with individual merchants all collected together under one roof, instead of like a retail store, then this is something that is not only obscured to the buyer (which is a gross deception), it's also not even obvious to the developers, who seem quite surprised to receive this amount of info.

      The Play Store itself is only an intermediary. The system is setup like any other online store where there are "ordered" and goods are "shipped". Blame the fact that Google basically grafted the paid Android store onto a system that was meant for real-world goods.

      I blame the fact on the combination of Google not caring one whit about end user privacy, coupled with Google's greatest strength: they do things in the quick-and-dirty somewhat Unix-style. Instead of creating a monolithic retail system, they slap together a few subsystems and call it a day.

      This is a strength when it comes to flexibility and speed of execution, but is a weakness when it comes to making something consistent and reliable for the user. I prefer products with well thought out designs, where every detail is worked over and refined, but I do also understand the appeal of the infinitely flexible. I won't tell anyone which they should prefer, but I will say that end users are being presented something that doesn't match the reality of the system being presented.

      Honestly though, this isn't news. Every Android developer has known this for YEARS. And this is no different than any other online store out there.

      The developers have known this, but this has been unknown to the users. I had no clue this happened (but assumed Google was nowhere near as protective of my privacy as Apple, so have kept that in the back of my mind when using the Play Store).

      However, I really would have greatly preferred to know this ahead of time. This isn't some design detail which needn't be exposed to the end user, but something that really needs to be openly and clearly made aware of. For me, this is a breach of trust, and while I won't eschew Google's services altogether because of it, I also won't quickly forget this breach either.

    11. Re:"Flaw"? by node+3 · · Score: 4, Insightful

      This! I've sold software on Google Checkout/Wallet since day one, and always expect/demand customers data. I would like to get data from iOS sales too! This developer needs to get a job.

      If you want my data, you are free to ask me for it. I'm quite offended to hear you "expect/demand" it. Why? It belongs to me, and if you want it, you may ask. If it's for income, just ask me to pay what your product is worth instead of tricking me with a low price and making up the difference with the theft of my personal data.

      This is exactly why I prefer Apple's iOS ecosystem. I know what I'm getting into, and am in full control over my personal data. I'm much more happy to part with a bit more money than with most of my privacy.

    12. Re:"Flaw"? by Anonymous Coward · · Score: 2

      >If I am making a transaction with a customer, I am a merchant.

      Really? You clear the customer's credit card? I thought the way these stores worked is that you supply Amazon/Google/etc with product and Amazon/Google/etc pays you when that product sells.

    13. Re:"Flaw"? by daniel78 · · Score: 2

      out of mod points, but parent is 100% correct.

      It's a stupid set up (no doubt an attempt to protect Google from being blamed for what's in their store) and is a huge pain for many reasons. But its not a "privacy hole", and was not "discovered this morning".

    14. Re:"Flaw"? by tknd · · Score: 2

      They aren't - Google Play is the merchant, the developers are the manufacturers.

      And you're incorrect. If Google Play was the merchant, then they would collect sales tax on my behalf, but Google has chosen to put this weight on the "manufacturer" therefore I as a developer become a "merchant" and Google Play is nothing more than a distribution mechanism and marketplace. This is why I receive information about customers and their locations so I can correctly compute taxes.

    15. Re:"Flaw"? by Andy+Prough · · Score: 2

      Depends - do you pay with credit card or cash?

    16. Re:"Flaw"? by CanHasDIY · · Score: 2

      This is simply not true. Stupid as it may seem, Google has set up the Play store so that they are merely the "card processor". I agree that it seems a bit of a stretch, but that's the way it is.

      Hence the reason Google doesn't see it as a flaw - it's precisely how the system was designed to work.

      However, that does not change the fact the system itself is a flawed process that ignores the conventional consumer/merchant relationship.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    17. Re:"Flaw"? by samkass · · Score: 4, Interesting

      If this were the iOS or Windows Phone stores, then yes, that would be true. But with Google Play, the developer actually IS the merchant. The Play Store itself is only an intermediary. The system is setup like any other online store where there are "ordered" and goods are "shipped". Blame the fact that Google basically grafted the paid Android store onto a system that was meant for real-world goods.

      Honestly though, this isn't news. Every Android developer has known this for YEARS. And this is no different than any other online store out there.

      Apple does not give you a 1099-- you are the seller, and Apple is acting only as an intermediary. That being said, Apple does not share ANY of this information with publishers. Even magazine sellers via Newsstand on an iOS device can only receive customer information if the customer opts-in to it. Apple's profit model is to sell more devices, and keeping strict privacy guarantees for customers helps sell devices. Google's profit model is to sell advertising, so people expect far less protection from Android. But legally they're both intermediaries between the buyers and the sellers.

      --
      E pluribus unum
    18. Re:"Flaw"? by interval1066 · · Score: 2

      they slap together a few subsystems and call it a day

      Still doesn't explain why customer info is sent to developers. This is acwillful greach of consumer trust on the part of google. I don't see how else it could be spun.

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
    19. Re:"Flaw"? by PopeRatzo · · Score: 3, Informative

      I've sold software on Google Checkout/Wallet since day one, and always expect/demand customers data.

      And I expect/demand that every woman on the #151 Sheridan bus give me sex, but I've got no right to it.

      --
      You are welcome on my lawn.
    20. Re:"Flaw"? by PopeRatzo · · Score: 4, Insightful

      This! I've sold software on Google Checkout/Wallet since day one, and always expect/demand customers data.

      Can you give us a list of the software you sell via Google? I'd like to put it on my list of software to never buy.

      If you want to "expect/demand" by personal information, then expect/demand it from me, not from someone I'm doing business with.

      --
      You are welcome on my lawn.
    21. Re:"Flaw"? by Krojack · · Score: 3, Informative

      If this were the iOS or Windows Phone stores, then yes, that would be true. But with Google Play, the developer actually IS the merchant.

      The problem here is that it's not presented that way. The Play Store appears, to the customer, exactly like any other storefront. If it's really more like a flea market with individual merchants all collected together under one roof, instead of like a retail store, then this is something that is not only obscured to the buyer (which is a gross deception), it's also not even obvious to the developers, who seem quite surprised to receive this amount of info.

      Only do those not reading. When you click the "$1.99 Buy" button then "Continue" button, you're presented with Google Checkout:

      Review your purchase
      Pay to:
      Pay with:

      Google Checkout is nothing more then an online merchant processor and works just like PayPal.

    22. Re:"Flaw"? by markana · · Score: 3, Interesting

      How does Apple handle the local sales tax issue? If I sell an app to a customer in my state, I'm obligated to remit the correct sales *for that customer's location*. Does Apple graciously compute the correct tax for every little taxing district, and automatically add that to the app price? How do they report that to the developers, for their B&O tax returns?

      Or are Apple app developers ignoring it and waiting to get slammed by the tax authorities?

    23. Re:"Flaw"? by node+3 · · Score: 3, Insightful

      XMFD @ trusting Apple over Google. They're both interested in your data for a variety of reasons. Get your head out of the sand.

      With Apple, I'm the customer, with Google, I'm the product.

      And in practice, Apple has been consistently far beyond Google in terms of protecting my privacy. This is just one of an endless supply of examples that demonstrates this. Perhaps you should take your own advice and look at the world as it is and not as you imagine it to be.

    24. Re:"Flaw"? by node+3 · · Score: 2

      Absolutely. I'm just explaining the institutional reasons why Google repeatedly betrays their customers, not that it's a good thing. That aspect of it is downright disturbing.

      I was also pointing out that the upside is it leads to flexible services that are quickly deployed. And is one of Google's greatest strengths. The two go hand in hand.

    25. Re:"Flaw"? by cusco · · Score: 2

      This is the model of the old Sears & Roebuck catalog again. You could buy anything, up to and including a prefab house kit, out of the catalog. Most of the money went to the actual vendor, and Sears kept a portion of it.

      **Off Topic** My great-grandmother was a teacher in rural northern Michigan at the turn of the 20th century. Most of her students only spoke English as a second language, if at all. While in the Midwest teachers used to assign homework out of the Bible she had to use the Sears catalog. Even if her student's family happened to have a bible it was often in another language, but everyone had a Sears & Roebuck catalog.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    26. Re:"Flaw"? by node+3 · · Score: 2

      Its fairly simple.

      The repercussions of violating privacy are much higher for Google than they are for other companies. Therefore logic dictates that Google will do more to prevent these violations.

      You'll have to demonstrate that the bolded part is true. For example, this story contradicts it.

      Apple, for example, treats customer privacy as a feature with which to sell their products. I'd suggest Apple's incentive for protecting privacy is greater than Google's.

      If the typical company lets your private data get out (and as I'm sure you know, many have) they still have products to sell. Google's product *is* that data. They have nothing else. If the data gets away from them *or* if they lose the confidence of the public to keep it safe, Google is out of business, the end for them.

      But the data here *did* get out, and not only that, but this is by their design and not an accident. The same goes for magazine subscriptions. On the Play Store, the publisher gets your name, email, and home address. On iTunes, the publisher can ask for it, but you can say "no" and you get the exact same magazine, no limitations. On Google Play, your only option is to not subscribe at all.

      Do you want your data held by a company that specializes in making consumer electronics, or a company that specializes in *data*?

      The former, because I trust Apple. And you are still glossing over the fact that Google collecting the data already *is* an invasion of privacy.

      The only reason I have, up to now, accepted Google's inherent privacy implications is that, like you, I assumed (wrongly) that they would keep it all in house. That the worst of it was that I'd get ads based on my emails and such. And this data collection also allows for some very cool (if creepy) things like Google Now.

      Unfortunately, for me, this is the last straw. Google has asked for a *lot* of my data, far more than Apple ever has, and with that data comes a degree of trust. Google has violated that trust in my mind, and will not get it back easily.

      Were Apple to ever to the same, I'd have a similar response.

    27. Re:"Flaw"? by node+3 · · Score: 2

      It's not that my name and email and home address is data that I don't want people to know, it's that I don't want it handed to strangers without my permission (ideally) or my explicit understanding (at the very least). And I definitely don't want it given out on the internet to strangers without being asked first.

      What I greatly prefer in Apple's way of doing this compared to Google's is that my privacy is assumed important with Apple, and is, at best, assumed proprietary to Google, but is to be sold or given away at their discretion apparently (which I did not expect!).

    28. Re:"Flaw"? by Stupendoussteve · · Score: 2

      It certainly does explain it.

      The system they slapped together included Google Checkout, which is used for shipping physical goods to physical addresses. Everything goes to the developer because the developer is selling you the product, not Google. Unfortunatley it appears they kept the location features, even though it was unneeded for the new role.

      Play Store is essentially a different interface to Google Shopping.

    29. Re:"Flaw"? by Tagged_84 · · Score: 2

      Apple give a nicely detailed breakdown of how many apps were sold and where and under which tax code, as well as how much tax was paid to each. It's enough information to comply with my quarterly GST statements in Australia and my accountant confirmed to me everything was fine when I was curious.

    30. Re:"Flaw"? by exomondo · · Score: 2

      The repercussions of violating privacy are much higher for Google than they are for other companies.

      Why? Apple or Microsoft have just as much access to the data that Google does but their privacy policies dictate that they will not access that data, we know Google accesses that data - and of course if you had a problem with that you wouldn't use Google services. I suppose it depends on what you're determining to be a 'violation of privacy'?

  2. I thought it was creepy, yeah... by seebs · · Score: 4, Insightful

    It did seem a little... more information than I really needed, yes.

    I sort of assumed everyone knew, because when has Google ever cared about privacy?

    --
    My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
    1. Re:I thought it was creepy, yeah... by BasilBrush · · Score: 2, Insightful

      Indeed, I can't say I'm surprised. Google has no respect for privacy, and that's the reason I don't use any of their products any more.

    2. Re:I thought it was creepy, yeah... by sqrt(2) · · Score: 2

      That's the first I've heard of DDG being a Bing intermediary. Even if they are, what does it matter if my queries are anonymized?

      --
      If you build it, nerds will come. Soylentnews.org
    3. Re:I thought it was creepy, yeah... by BasilBrush · · Score: 2

      That's the first I've heard of DDG being a Bing intermediary.

      Bing is just one of their many sources. And you're right it doesn't matter because whatever DDG knows about you isn't passed on. And DDG don't know much about you because one of their USPs is that they don't track you.

      If you liked Google Search back in the day, when Google actually tried not to be evil (about a dozen years ago). DDG gives you that feel.

  3. this is stupid by Anonymous Coward · · Score: 2, Insightful

    literally every single person that's ever sold at least one app on the app store since the beginning of the app store has "discovered" this

    1. Re:this is stupid by the+computer+guy+nex · · Score: 4, Insightful

      literally every single person that's ever sold at least one app on the app store since the beginning of the app store has "discovered" this

      The problem is literally (almost) every single person that has ever purchased an app doesn't know this, and those people outnumber the developers.

  4. Comment? No comment. by ljw1004 · · Score: 4, Interesting

    From the article:

    Google has not responded to news.com.au's request for comment.
    UPDATE: This story has been amended at the request of Google.

    So has Google responded or not?

    1. Re:Comment? No comment. by CanHasDIY · · Score: 3, Informative

      Author comment from TFA:

      For the people asking how the story was amended: Despite the fact that Google refused to comment on the record, I was asked to change the headline (both the homepage headline and SEO headline inside the story), as well as the standfirst and lead (first paragraph). Google's issue was with the use of the word "flaw". Apparently a system that is designed to share users information with developers without their knowledge or permission and without explicitly saying so in any terms of service is not considered to be a flaw. I have no problem amending stories if they are factually incorrect but the fact is neither developers nor customers were aware of this information sharing and Mr Nolan is not the only developer to express concern over having this information at his disposal. There's little reason app developers should have this information. If Google was going to share this information they should have been clear about this from the start. Hope this clears things up.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    2. Re:Comment? No comment. by gstoddart · · Score: 3, Interesting

      The author of the article points out that Google didn't like the term 'flaw' in the title and beginning of the article, that's all.

      Do no evil. When caught, redefine evil.

      Looks like I won't be getting any more apps on my Android phone, because I did not consent to that data being provided to anybody other than Google, and where I live, that's illegal.

      --
      Lost at C:>. Found at C.
  5. How is this a big deal? by MikeBabcock · · Score: 2

    Alright, so the Play Store should probably tell you that your personal information is about to be given to whomever you purchase an app from, but seriously, this is already true for every Paypal or credit card purchase you've ever made too.

    --
    - Michael T. Babcock (Yes, I blog)
    1. Re:How is this a big deal? by TraumaHound · · Score: 3, Informative

      this is already true for every Paypal or credit card purchase you've ever made too

      It's not true (and shouldn't be true) for digital purchases. Apple doesn't provide developers with any personal customer information for app purchases. Valve doesn't for Steam purchases. Amazon doesn't for digital software purchases. Microsoft doesn't for app or Xbox purchases.

      Google is unique in this regard and not in a good way.

    2. Re:How is this a big deal? by PraiseBob · · Score: 2

      This is a huge deal. As the credit processor, google needs to remain PCI complaint. Passing on "Cardholder Data", which includes the credit card number and ANY personally identifiable information, such as name, home address, & email, makes them a Service Provider according to PCI-DSS. Anybody receiving that data must also be PCI compliant, which is a big deal.

      Google is passing secure data to entities that they basically know are not PCI compliant, and likely not warning the developers that they need to be follow PCI rules for this data. This could potentially mean terminating Google's ability to process credit cards, entirely. For google, those rules will be ignored, because there's too much money to be made. But the rules for smaller business would basically mean shutting that business down since it can no longer accept ANY form of non-cash payment. The fines for accidental breaches can be massive, up to $100,000 per incident. This is an intentional breach.

  6. Does not help with that by SuperKendall · · Score: 2

    No reason of course unless you want to be able to verify the app purchase before providing support.

    Many people sent up junk email accounts specifically for using with things like app stores - you cannot rely on the email the user bought under being the one they would use for support.

    But really the concept of checking is outmoded - real customer service is helping whoever asks, however they came by the app. If you have an overload of customer support then it probably means you need better app design, not more ways to put gates up in front of people using your app that need help.

    As an iOS developer I've never been bothered by not being given customer contact info from Apple, because if they like your app enough they will give that information freely. You just have to provide some means to collect it.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Does not help with that by Dynedain · · Score: 2

      Many people sent up junk email accounts specifically for using with things like app stores - you cannot rely on the email the user bought under being the one they would use for support.

      When a support request comes in, you can ask "what email address do you use for your Google Play account" and move on from there. It's pretty hard to ask for a serial number or other unique identifying information if the user can't get into the app.

      But really the concept of checking is outmoded - real customer service is helping whoever asks, however they came by the app.

      Tell that to Redhat or any number of open-source companies that survive on charging for support on their otherwise free product.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    2. Re:Does not help with that by SuperKendall · · Score: 2, Interesting

      When a support request comes in, you can ask "what email address do you use for your Google Play account" and move on from there.

      What a great way to piss off customers. Good luck with that.

      If they are asking you questions about your app pretty obviously they are users, therefore they should get help. It's called "customer service" and it pays off even if they did not pay for your app. A happy customer that didn't pay is still just as good at providing good worth of mouth for future sales.

      Tell that to Redhat or any number of open-source companies that survive on charging for support on their otherwise free product.

      That's a totally different case where obviously they live on support. Of course they are not going to help people for free.

      No app (that I know) could possibly use support as a business model. It's a bad idea because the average user needing support means, hands down, that you failed in app design to build an app people can use.

      App makers get money (currently) off ads or outright charging for the app. Either way they are better off just helping whoever asks, rather than turning people away and being miserly with advice.

      The fact that you were modded up illustrates just why it's so easy for a smart app developer to make money these days, because all you have to do is build something decent and not be an asshole to your customers. That would seem to be a high bar indeed for many technical people.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
  7. What About Freebies by CanHasDIY · · Score: 2

    The article states several times that this applies to paid-for apps, but what about free ones?

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
    1. Re:What About Freebies by Niris · · Score: 2

      Yeah it only shares that information if you're selling a paid app. For free apps, it just sits in your development console and you see how many are installed/downloaded each day.

  8. And this is a surprise how? by dryriver · · Score: 2, Informative

    Google logs the private search data of billions of people across the world, and voluntarily pipes all of it to various 3 letter agencies in the U.S. ---- Google has no understanding of what privacy is, had not had an understanding of what privacy is, and will likely never have an understanding of what privacy. ----- Google is a spying machine disguised as a useful search engine. Period. ----- None of what they are doing on their app store is thus terribly surprising. Google suxxors at protecting your privacy. Something we all have to live with (... and the reason I personally don't use Google's services anymore).

    --
    Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
    1. Re:And this is a surprise how? by kllrnohj · · Score: 4, Informative

      and voluntarily pipes all of it to various 3 letter agencies in the U.S

      Bull. Fucking. Shit.

      Google only hands over data when legally required to and documents complied requests publicly: http://www.google.com/transparencyreport/userdatarequests/

      And FYI, every web server logs every request you make - that's web server admin 101.

  9. And why would that be? by Let's+All+Be+Chinese · · Score: 5, Insightful

    Real merchants don't "deserve" your personal details any more or less than appstore merchants. There may be a need to take your address for shipment, and in that case a phone number, email adress, or even additional shipment instructions may be useful. But they ought not be required without good reason.

    Note that credit cards muddle the picture by virtue of being a credit facility: You haven't actually paid yet so you are in debt and those obligations add identification requirements. Though strictly speaking all the merchant is supposed to do is pass it on to the credit facility for turning into money, and passing it in the clear is rather outdated, and well-known to be dangerous. Without credit as in payment by cash there and then, much of the need to identify you personally goes away.

    That this information is useful for profiling and all sorts of marketeering and so it's nice to gather, well, plenty furrin places you're not even allowed to do that. I'd say the practice to pass on information that really isn't needed is a dangerous habit that needs reconsideration.

    N'mind that it may possibly be useful to send emails in case of updates or whatnot. Passing that information automatically without need is a flaw, yes. Even if done by design.

  10. I'm prepared for just such a situation by Trax3001BBS · · Score: 3, Insightful

    http://www.fakenamegenerator.com/ I just keep re-rolling until I get a zip code that's close.
    Then use that information to fill out forms and accounts; keeping it on file for future reference.
    My security doesn't stop at a HOSTS file and malware protection. But I use Gmail for
    all of these accounts so it's not perfect.

  11. Like giving Sony my info for buying at Best Buy. by concealment · · Score: 3, Interesting

    What I think many commentators are missing is that Google, as the actual seller of the app, is like a retail outlet. The app developer is selling through Google, not directly.

    What Google is doing here is like Best Buy sending my information to Sony if I purchase a Sony camera at Best Buy.

    I hope they stop this leaky, unpredictable practice. It's counter-intuitive to what the buyer rightfully expects, which is that their information is exposed to the primary seller only (Google) and not secondary providers like the app developers.

  12. Seems legit by Animats · · Score: 4, Insightful

    I'm not sure I see a problem here. The seller is told who the buyer is. That's reasonable enough. It also keeps Google honest with respect to sellers - you can have some people make test buys and make sure that Google pays you for them.

    I'm generally critical of Google's non-approach to non-privacy, but here, there's a real transaction, with money.

    1. Re:Seems legit by NatasRevol · · Score: 2

      I don't know why I need to keep repeating this.

      Can you please explain to me why you need my physical address to sell me an app?

      --
      There are two types of people in the world: Those who crave closure
    2. Re:Seems legit by markana · · Score: 2

      No, the *name* of the customer does not. But their *location* does matter. States with sales tax have a multitude of little taxing districts (which do not always align with municipal boundaries). The people in those districts have voted to tax their purchases at a certain rate. So the State expects to collect sales tax at the correct rate for the location of the purchaser. They then remit to the taxing district their share of the proceeds.

      Tax authorities get very, very put out when they don't get their miniscule pittance of the State's cut.

    3. Re:Seems legit by markana · · Score: 2

      Yes, the local taxing districts seriously want their money. Each and every one of them (there are around 100 or so in this state). Since this is an Internet transaction, the rate depends on the location of the consumer. If you are buying something at a phyiscal store, they add their local tax into the purchase price right there. Online, it's determined by where *you* live (or rather, where the credit card registered on Google is).

      The way Google has set it up, the developer is responsible for sending in the correct tax to the State. Google technically doesn't collect the tax - they just pass it along. The developer has to account for it, and send in the money and itemize where it should apply. That is, I have to record how much I sold to customers in each of those little tax districts, apply their local rate, and add this in with the State's base rate.

      It's a real pain for the small developer, but it only applies in some cases. I don't sell apps outside the U.S., because I'd have to calculate and remit VAT in many countries, and that's just too expensive.

    4. Re:Seems legit by DragonWriter · · Score: 3, Interesting

      Google collects the money. That has to include the taxes.

      Google processes the payment. They aren't the seller, and they have no responsibility to collect, or pay, sales taxes. Which is probably one of the reason Google uses that model for Google Checkout (including, but not limited to, sales from Google Play) rather than the retailer model.

    5. Re:Seems legit by DragonWriter · · Score: 2

      Do you seriously believe that the location of EACH collection of sales tax is needed, wanted or recorded?

      Yes, because when there are multiple taxing districts, where each bit of the funds goes depends on which (potentially several simultaneously) of the (often nested) taxing districts the sale was in. And sellers can be audit to the individual sale for compliance.

      Again, it's Google's responsibility as the collector of said tax. Not the supplier of the app.

      It would be, if Google was a seller rather than a payment processor. But that's not the case.

  13. This is new? by Niris · · Score: 5, Informative

    Wait, this is new? I released my first paid app in November, and the only information you get is email, zipcode/city and name. I've been using the zipcode information to put pins in a map to see everywhere in the world I've sold to, heh.

  14. i use it to find and kill anyone who writes a bad by alen · · Score: 5, Funny

    review

    i don't tolerate any bad reviews on my apps. i either kill them myself or take a hit out

  15. I didn't realise this was a secret by Bogtha · · Score: 4, Interesting

    I understand that it might not be immediately obvious, but I don't think this was a secret by any means. It uses Google Wallet for payments, which is essentially Google's answer to PayPal, and this gives your contact details to the person you are buying from. The first time I bought anything from Google Marketplace, I received a confirmation email from the developers themselves, it never occurred to me that people might not realise this.

    I can see both sides of the argument. I've seen what happens when developers don't have this information, such as with Apple's App Store - it's very frustrating as you want to reach out to customers that have had problems and posted negative reviews to try to solve their problem and prevent it from happening to anybody else, but you've got no way of contacting them.

    On the other hand, I've been spammed by people I've bought goods from through Amazon's Marketplace, so I'm not keen on that happening again. The ideal solution would be for Google to provide a forwarding, anonymised email address to the developers, like Facebook do with Facebook app developers.

    --
    Bogtha Bogtha Bogtha
    1. Re:I didn't realise this was a secret by stephanruby · · Score: 2

      On the other hand, I've been spammed by people I've bought goods from through Amazon's Marketplace, so I'm not keen on that happening again. The ideal solution would be for Google to provide a forwarding, anonymised email address to the developers, like Facebook do with Facebook app developers.

      And also, they should just provide the country, the city, and the zip code instead of the full mailing address (unless the transaction is above $20). Or at least, they should make it more explicit that they're providing this information to the developer.

    2. Re:I didn't realise this was a secret by markana · · Score: 2

      Um, the Seller does *not* get your mailing address.. just Country/State/City/Postal code. Usually (but not always) just enough to figure out the local taxes.

  16. ANCIENT NEWS by Lawrence_Bird · · Score: 2

    Gotta love the Google hate....

    http://www.larrysworld.com/2011/02/21/publishers-worry-about-apples-subscription-service/

    This has been this way a long time. And even "larry's world" gets the 3rd party amazon stuff not quite right - your details do get passed along if Amazon does not handle the fulfilment.

  17. this is simply not true by spottedkangaroo · · Score: 5, Informative

    You do get name, city name, and zip... you do not get an address. That's simply false.

    --
    Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
  18. This is ABSOLUTELY needed. by musixman · · Score: 2, Informative

    Every app developer purchases traffic via banners / text links to promote their app. Without this campaign data being passed along there is no way to tell the conversion ratios! Very very serious

  19. Inaccuracies in the article! by Agent0013 · · Score: 4, Informative

    I am a Google Play developer. I have noticed that I get the names, email, and location of the purchases. This does not include the address though. Only the town, zip, and country. I have looked back at old records and see the email address listed in the purchase records, but I seem to recall this being obscured previously. Unless I am mistaken in some way, it used to give a long apparently randomly created email address for each purchase. I had assumed that this would forward or link to their real email address through Google's records of the purchase, but it looks like they did away with that and now just have your email address listed in the purchase record.

    Personally, I find no reason to have the email address. There is nothing I would want to contact them about. But the sales are in a more general form. It's actually Google Checkout that does the sales for the Google Play store. You could sell knitted sweaters through your Google Checkout account and the shipping and delivering and returns are all a part of the processing procedures. When someone cancels a Play purchase, the entry has a notice to me that I should not ship the product to them. This is even though it is an Android App that Google itself handles all the delivery of. So I can see why some contact with the buyer might be necessary in some cases, but not with a typical Play store purchase.

    <Rant Begin> The people I would really like to be able to contact would be the ones who leave stupid reviews. "One Star - It really needs so and so feature!" Hey dumbass - it has that feature! Of course I am much more polite with my real communications to bug reports and such, but it amazes me how many people don't even pay attention to the hints, instructions, and preferences that I have given to make sure they see what they can change. <Rant End>

    --

    -- ssoorrrryy,, dduupplleexx sswwiittcchh oonn.. -Quote found on actual fortune cookie.
    1. Re:Inaccuracies in the article! by PraiseBob · · Score: 2

      Did you realize getting any kind of personal information means you MUST be PCI compliant? This means quarterly scans by a licensed 3rd party company of your entire network infrastructure among other things. There are a host of rules that must be followed, and if you fail to follow them, and say publicly divulge that information, or get hacked and lose that information, there are massive fines involved (up to $100,000 USD). I'm betting Google didn't tell you that...

    2. Re:Inaccuracies in the article! by ljw1004 · · Score: 2

      I wonder what they give in the UK?

      The UK equivalent of zipcode is "postal code", and it's enough to uniquely identify which block, street, and which and side of the street you live on.

    3. Re:Inaccuracies in the article! by ljw1004 · · Score: 2

      Yes, that six-character alphanumeric code is the postcode and narroed it down to one of about 5 to 20 houses.

  20. It's not about the app, by Grand+Facade · · Score: 3, Informative

    The app is just a vehicle to generate marketing leads, that is where the gold is.

    --
    Rick B.
  21. Re:That Depends by markana · · Score: 4, Informative

    I have free apps in the Play store - and have *never* recieved customer information about those apps. Never. The customer info is only for paid apps, to facilitate tax collection.

  22. Re:Counterpoint: Supporting your customers. by N0Man74 · · Score: 3, Interesting

    I am not going to argue that this doesn't provide some legitimate value, for legitimate trustworthy developers. The problem is we can't assume that every developer is honest and trustworthy.

    It is painfully obvious that there are applications out there that are trying to trick users into downloading a crap app. Some apps will have the exact same name as an iOS only app, with screenshots from the original app, but with fine print that it is only a "fan app".

    I don't know what their intention is, but now that I know what their intentions is, but now that I know that develops can collect this kind of information, I wouldn't be surprised if their existed shady developers were releasing apps as honeypots to collect personal information.

    There is no reason why Google could not create some kind of API to hash users so that a developer could only e-mail users by going through Google, and that abuses of contact information could be traced to a developer for disciplinary action.

  23. Correction: by CCarrot · · Score: 2

    "Google Store Sends User Information *That They Think They Have* To App Developers"

    "...*the fake name, fake address and throwaway email that you registered with Google Wallet* is passed on to the developer..."

    There. FTFY.

    Why would anyone give the big G their real name? Learn how to use Visa or MC gift cards, man!

    --
    "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
  24. This is a feature, not a bug. by Dr+Herbert+West · · Score: 2

    Is it weird that I think this is a good thing for app developers? Along with some apps on the various app stores, I have an online store (PayPal, barf) that I use for selling video plug-ins. Since it's "my" store, I get all customer information every time there's a purchase. As a result, whenever I have updates or new products I like to be able to send out an email to all my customers with a promo code and a quick "Thanks for buying from me in the past, as a reward here's a discount code for some new stuff!"

    I get a lot of new sales that way.

    With these app stores, I don't have a lot of info about my customer other than the poorly managed review process, and in the case of Apple, the remarkably shitty "sales manager" window.

    I like knowing who my customers are, it helps me be a better vendor. Of course, I'm not an evil email harvester or spambot.

  25. Big deal by Swampash · · Score: 2

    It's not like Android users pay for software anyway.

  26. I don't see this as a critical flaw by blackwizard · · Score: 2

    If I want support from an app developer, they'll be more likely to listen to me if they know I'm a paid customer. (For those who don't want support, it would be nice for Google to offer anonymous purchases, though.)

  27. ah, so THAT's why i got spam by TheGratefulNet · · Score: 2

    dammit. I downloaded an app from the 'play' store and soon I got 'auto added' to some stupid mailing list. of course, i never asked to join the list and it was not easy to get off of it, either.

    when I yelled (using some colorful language) at the so-called owner of the app, he acted all surprised that I was pissed off at his behavior.

    had to add a mail filter to stop his absurd 'blog' comments that he insisted we all receive.

    google, you have fucked me again. I knew you were no trustworthy but this really takes the cake.

    this spamming behavior really need to hit the major news so that everyone knows who and what they are dealing with when they 'download an app' and think that some discretion is preserved.

    I hope, someday, google crosses someone with some serious legal power. its just a matter of time before they fuck with the wrong powerful person. and I will cheer the day that google gets punished for their irresponsible behavior.

    --

    --
    "It is now safe to switch off your computer."
  28. This is not a flaw this is how software is sold by qaz123 · · Score: 2

    The developer sells you a license i.e. the right to use his software. He has every right to know who is licensed to use the software and who's not.