Google cracks down on apps that snoop on you, even if they’re not in Play Store

Safe Browsing warnings will appear “on apps and on websites leading to apps that collect a user’s personal data without their consent”.
Google
Google is introducing significant changes to how it enforces its Unwanted Software Policy, which should result in better privacy and transparency for the world’s two billion Android users.
Google is giving developers two months to ensure their apps don’t deviate from its Unwanted Software policy. If an app continues to stray from the policy, users are likely to see its Safe Browsing full-page warnings, which will probably drive users away from the offending software.
The crackdown is a new effort to combat malicious and harmful Android apps and will apply to software distributed through the Play Store as well as third-party Android app markets.
The Safe Browsing warnings will appear “on apps and on websites leading to apps that collect a user’s personal data without their consent”, Google notes on its security blog.
In other words, the warnings may be applied to sites and software that promote apps that violate its policy, as well as the offending apps themselves.
If an app uses a user’s phone number or email address or device data, it will need to prompt the user and provide a privacy policy within the app.
Developers will also need to offer a way for users to give their “affirmative consent” if an app collects and transmits personal data that’s unrelated to the functionality of the app. The app also needs to prominently explain how user data will be used.
安卓广告成黑色产业链的根本原因不是消费者舍不得花那几块钱支持正版,而是因为免费能获得的让消费者心理上觉得赚了,实际上从广义上来说这样做牺牲了安全和隐私。
“These data collection requirements apply to all functions of the app. For example, during analytics and crash reporting, the list of installed packages unrelated to the app may not be transmitted from the device without prominent disclosure and affirmative consent,” Google explains.
The changes reflect an update in August to the Personal and Sensitive Information section of Google’s Developer Policy Center. The amended policy introduced a requirement for an app to provide prominent disclosure if it collects and transmits personal user data unrelated to the app’s main functionality described in the Play Store listing.
The section covers requirements for how an in-app data-usage disclosure must be displayed and how the app needs to request user consent.
For example, the in-app disclosure must be shown within the app itself and not just the Play Store listing or on a website.
It must also be displayed within the normal usage of the app and not be buried in settings. It also can’t be placed in a privacy policy or terms of service and must not be bundled with non-privacy disclosures.

CyberSecurity Law Introduction 网络安全法宣传视频系列
The affirmative consent request dialog needs to be presented in a clear and unambiguous way. To gain consent, the user will need to tap to accept or tick a check-box.
Google notes that two common violations are when an app doesn’t treat a user’s installed apps as personal or sensitive user data and when an app doesn’t treat the user’s phone or contact book as personal data. The apps will be considered to violate Google’s policy if they don’t follow the rules for prominent disclosure.
Websites owners that attract a Safe Browsing warning will need to follow the usual processes in the Search Console if they want to resolve the warnings. App developers caught by the new Safe Browsing warnings can request an app review on the App Verifications and Appeals support page. Previous and related coverageGoogle Safe Browsing beats rivals but still only flags up 10 percent of hacked sites An analysis of hijacked websites suggests Google’s Safe Browsing technology is only warning users about a small proportion of them.Google tightens noose on HTTP: Chrome to stick ‘Not secure’ on pages with search fields In October, Google will begin phase two of its plan to label all HTTP pages as non-secure.
Related Topics:
Google
Security TV
Data Management
大多数的黑客行为、病毒、蠕虫等的泛滥都源自于系统安全漏洞没能及时得到修复,而被攻击者恶意利用,我们要加强教育员工及时修复漏洞或弱点的重要性。

猜您喜欢

中小创突然受大批机构关注!芯片、5G成热点
使用国外信息服务的安全隐患探讨
网络安全法网络宣传片 002 国家网络安全的现状与重要性概述
披着“伪创新”外衣的圈钱游戏——“山寨币”传销骗局调查
SPASIBOVSEM DREASMORESATL
一个信息安全动画小故事,随意丢弃损毁的U盘,被保洁员拾走,泄了密……