skip to main content
Receive client alerts and/or Silicon Valley e-News in your inbox.
Beginning March 15, 2017, Google began removing apps from Google Play, its online marketplace where apps and other digital media are offered for download and use on the Android platform, for failing to comply with Google’s User Data Policy. Google began contacting app developers in February to announce that it planned to begin such removal starting in March. Through these actions, Google joins state and federal regulators in their concerted and continued efforts to protect consumer privacy. Are your apps at risk of being removed from Google Play?
To opt out of Google’s requirements, app developers can remove from their app’s functionality any and all requests (both active and passive) for personal or sensitive information.
Apps offered through Google Play also must handle (i.e., collect, store and transmit) “personal or sensitive” user information in a secure manner. This includes transmitting it using modern cryptography (for example, over HTTPS). Apple recently rolled out a similar secure transmission requirement: on January 1, 2017, Apple began requiring developers of apps offered through Apple’s App Store to enable “App Transport Security,” which forces applicable apps to connect to web services using HTTPS, rather than the unsecure HTTP standard.
Google’s announcement and assurances regarding improving protection of user privacy will also benefit developers. Some of the noncompliant legacy or effectively abandoned apps that Google removes from Google Play through enforcement of its User Data Policy may contain security vulnerabilities. By enforcing its User Data Policy, Google can help promote consumer trust in Google Play: Google’s app removal effort will allow app users to better find apps with up-to-date security protections, and app developers can more easily reach their audience. Google’s latest announcement is just one of many reasons for app developers to be sure to monitor and update their apps’ security protections, and to reconsider and, if necessary, revise their applicable privacy policies.
If you have any questions regarding this alert, please contact Richard Caira at 919.484.2315 or RCaira@wcsr.com or Taylor Ey at 919.484.2306 or TEy@wcsr.com.