In recent days, Google Play has come under fire following a wave of reports suggesting that developers are gaining access to personal information related to individuals who purchase their Android apps in the Google Play store.
Dan Nolan, an Android developer in Australia, was first to discover the problem, revealing publicly that whenever someone purchased his app, he was privy to the buyer’s name, email address, and more.
“With the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase,” Nolan wrote on his blog.
“The problems on android of app permissions (and subsequent potential for malware aside) is one of active negative behavior on the part of an app developer,” he continued. “This isn’t. This is a massive oversight by Google. Under no circumstances should I be able to get the information of the people who are buying my apps unless they opt into it and it’s made crystal clear to them that I’m getting this information. This is a massive, massive privacy issue Google. Fix it. Immediately.”
In the days that followed, a slate of developers and privacy experts verified Nolan’s claim.
“With Apple’s app store you buy the apps from Apple,” a Google rep. responded to some of the criticisms. “With Google Play you buy the apps from the developer. If you are the merchant of record you need to know the address to correctly compute sales tax…. Google cannot give tax advice, so we have to give you the data to make the determination yourself.”
Google doesn’t seem to agree that this is a mobile privacy or security issue worthy of such negative media feedback.