Google's now solely relying on developers to provide accurate app data collection information
Published: July 18, 2022
Earlier this year, the Google Play Store launched a new data privacy section that relies on developers to disclose the information their apps collect. But as pointed out by Esper senior editor Mishaal Rahman (via Ars Technica), this may mean that Google will no longer display a verified list of permissions it automatically gathers from each app, giving developers full control over what they choose (or don't choose) to disclose to users.
When Google first announced the new data privacy section last year, the company made it clear that its system would rely on information provided by developers. On a support page, Google states that developers have until July 20th to fill out a data privacy form for their apps, noting developers "alone" must make "complete and accurate declarations" for their apps.
APPLE APP STORE HAS A SIMILAR POLICY IN PLACE FOR ITS PRIVACY "NUTRITION" LABELS.
"Google Play reviews apps across all policy requirements; however we cannot make determinations on behalf of the developers of how they handle user data," Google explains. "Only you possess all the information required to complete the Data safety form." Google says it will take "appropriate action" if it finds any discrepancies between developers' reported information and the app itself.
It's worth noting that the Apple App Store has a similar policy in place for its privacy "nutrition" labels, and also requires developers to submit "self-reported summaries" about their apps' privacy practices. Just like Google's doing now, Apple puts its trust in developers to provide truthful information about the data their apps collect, which a report from The Washington Post found is often "misleading or flat-out inaccurate."
While Google doesn't indicate any plans to replace the automatically-generated app permissions with the data privacy section, it looks like Google quietly swapped it out. In a thread on Twitter, Rahman shows screenshots comparing one app listing with the old "Permissions" section, and another that has just "Data safety." I noticed the same after comparing an archived version of TikTok's Google Play Store listing from 2021 with the one that's available right now.
As Rahman points out, Google is storing app permissions in the Play store, but it's just not visible from the front end. He suggests downloading the open-source Play Store alternative, called Aurora, which still displays permissions before you download an app.
That said, it would make a lot more sense for Google to display both app permissions and the data privacy section. This way, users could compare both to confirm that the developer-reported permissions are consistent with Google's findings. The Verge reached out to Google to see if the company plans on reinstating the app permissions section, but didn't immediately hear back.
Source: Re-posted and Summarized from Emma Roth at theverge.
My Take: Self reporting is cheaper and easier for Google. It will lead to all sorts of abuse though. Just wait and see.