Last year, Apple rolled out a new set of what it called Privacy Labels for the App Store. These disclaimers were like confidential nutrition information attached to each app list, with developers providing the details of exactly what data their apps collect and exactly how they are used – provided you trust them to be honest. The moment the news landed last year, expectations turned our collective attention to Google: When would Android and the Play Store get something similar?
The answer is “next year”, provided Google’s preliminary schedule for the new “security section” announced today holds. And based on the details provided, it might strike Apple when it comes to worrying about your security rather than just your privacy.
We do not know what the new security department will look like in action, and Google is still deleting some of the information with feedback from the developers, but the overall strategy is outlined in broad outline.
A (clumsy) example of a privacy tag in the App Store.
The new security section will offer similar data to Apple̵
As in the case of Apple, Google will require developers to be honest and responsible in declaring what their apps use, and if they try to spot the rules, they must either correct it or be subject to further “political enforcement”. Although the exact terms of enforcement are not described, we must assume that it is in violation of other Play Store policies, which could mean things as simple as holding back updates or potentially as extreme as the app being removed from the list for extreme violations. And Google makes itself and all of its own apps subject to the same policy, so there is no double standard that matches Apple.
However, in a few very important ways, Google is also an upward Apple, just like security. This new security section will also explain whether an app follows specific security practices, such as data encryption. Moreover, these kinds of labels are only accurate as long as developers are honest about what they are doing. To this end, Google will have apps declare whether their privacy and security requirements have been verified by an independent third party.
Apps in the Play Store will also explain whether the permissions are required or optional, rather than just a list of all possible permissions they could declare. For example: If you’ve cool with a third-party photo app that accesses your camera but not your microphone and it can take pictures both ways. Or if a workout tracking app can access your physical activity history but not your location directly and still track your calories burned, etc.
… this policy is set to beat Apple when it comes to security and accountability, not just privacy
Apps will also declare compliance with Google’s family policies, which is likely to make it easier to choose family-friendly apps for the kiddos – though hopefully they do better than the kid-friendly section of YouTube. This would build on the “teacher-approved” badges that rolled out last year to the Play Store and policy changes in 2019 regarding apps targeted at specific age groups and which child accounts can be restricted to with Family Link.
Most importantly, Google’s policy also lets apps highlight if customers can delete their data if they stop using an app. So if any of your data for an app is stored from your device (which masses of apps do), you know if it’s going to be someone else’s property for ages, or if you can tell them to throw it out when you decide you’m done playing Clash of Crush or whatever.
I honestly assumed that if Google rolled out its own version of Privacy Labels, they would just be a straight clone of Apple’s system. But this policy is set to beat Apple when it comes to security and accountability, not just privacy.
However, there is a kind of bigger pick, and that is Google’s timeline for this new security section in the Play Store – outside of that kind of “eh” name.
While that may change, this new section is not set to appear until next year, sometime in the 1st quarter of 2022. It comes on two years after Apple announced dens confidentiality information back in June 2020, which rolled out to phones last December. The formal policy details will also not be standardized until the 3rd quarter of this year, and developers may start placing this info in their app listings around the end of the year.
The ultimate deadline by which all new and existing apps must declare details for the security section is Q2 2022, and it is not immediately clear what can happen to the (probably millions of) apps in the Play Store that have basically become abandoned and will never be updated to respect this new policy – if, for example, they may still be available with a prominent warning and blocked from providing updates until they do so, or if they are directly unlisted.
Developers hoping to join the conversation for the new security section in the future are encouraged to review their apps and see what data is being collected, stored, and where and how it is being sent anywhere. At the same time, they should review best practices and best practices and raise a stink as needed if they encounter issues or questions that Google may want to be aware of before putting the new rules in stone.