After leaving the Play store a few days ago, the app permissions section was finally restored by Google.

A few months ago, the Play Store hosted a section called “Data Security”. This gives developers the opportunity to communicate to users the data collected by their applications. The problem ? By deleting its own section, Google then deprived its users of a certain transparency.

It goes and it comes back…

Google then expressed the importance of continuing to give Android users a choice:

“The Data Security section gives users a simplified view of how an app collects, shares and secures user data, but we also want information about app permissions to be easily viewable so users can understand the ability of an application to access restricted specific data and actions”.

After public outcry, Google will reinstate Play Store app permissions list

A few days ago, Google started rolling out the new ‘Data Safety’ screen more widely in its Play Store, and it made waves in the tech world when we discovered that the new section was replacing the display. normal application permissions. After the public’s negative reaction to the news, the official Android Developers Twitter account promised to roll back the change and let the permissions screen appear side by side with the new data safety view.

It must be said that “Data Safety” is a new Play Store section that allows developers to list what data an app collects, how that data is stored, and with whom the data is shared. It’s hard to understand how Google came to the conclusion that “Data Safety” was an acceptable replacement for the app permissions list. It’s true that the two sections overlap a lot – for example, you’ll probably see “location” on both screens if an app asks for your location. The problem comes from Google’s implementation of these two screens. The Application Permissions List is a factual, computer-generated record of the permissions an application can request, while the Data Security section is authored by the developer. You can’t cheat app permissions list, while Data Safe works on honor system.

Last April, Google introduced a new “Data Safety” section in the Play Store app listing to summarize how apps use your personal data. According to Google, the goal is to improve transparency about how apps collect and process data, following in the footsteps of Apple and App Store privacy labels. This new section basically provides an overview of what data an app collects or shares, whether that data is secure, and any other additional details that might impact privacy and safety.

If, on the one hand, Google introduced the “Data Safety” section on the Play Store to provide users with more information on how apps use their data, on the other hand, the company is removing crucial details application lists. In March this year, Google proceeded to remove some items from Play Store listings for some users. Then Google got rid of the list of permissions. Recall that the app listings on the Play Store include a “Permissions” section that lists all the permissions required by each app.

This section allows users to easily check all the permissions required by an app without having it installed on their device, making it a handy feature for those who care about their privacy. However, Google seems to have removed it for all apps. Developers had until July 20, 2022 to submit content for their “Data Safety” section. Here is the calendar provided by Google

  • October 2021: Publication of the data security form available on the Content page of the application in the Play Console
  • Developers can fill it out and submit it to receive early feedback on identified issues. During this period, application submissions will not be affected by the information provided in your data security form. Note, however, that other policy violation issues may impact your application,
  • If you have any concerns about your data security form, you’ll receive an email letting you know that the app’s content has been approved despite issues. You will need to read the information provided and take appropriate action. You can temporarily release app updates by manually reverting your data security form to “Draft” mode in the Play Console,
  • If they haven’t already, developers should add a link to their app’s privacy policy;
  • End of April 2022: Deployment of the data security section on Google Play for all users. If a PSL has not yet been completed or submitted for an application, “No information available” will be displayed in the data security section of that application
  • If you have not yet completed and submitted the form for your application, the mention “No information available” will be displayed on the Play Store listing of the application (in the section on data security);
  • July 20, 2022: New app submissions and app updates will be disallowed in the Play Console if the form issues have not been resolved;
  • For all new app submissions and app updates, you must complete a data security form. You can no longer publish an application or an application update if this form is incomplete or you have not solved the problems concerning it,
  • If there are still issues with the information in the data security section, users will see “No information available” in this section on your app’s Play Store listing. You will then receive an e-mail indicating the problems to be solved,
  • All new app submissions and app updates require valid privacy policies;
  • After July 20, 2022: Further action may be taken later for non-compliant apps, such as removing the app’s Play Store listing from Google Play.

Overall, the “Data Security” section will highlight the following:

  • whether the developer collects data and for what purpose;
  • if the developer shares data with third parties;
  • application security practices, such as encryption of data in transit and the ability for users to request deletion of data;
  • whether a qualifying app has agreed to follow Google Play’s Family Guidelines to better protect children in the Play Store;
  • whether the developer has validated its security practices against a global security standard (specifically, the MASVS standard).

As with app details such as screenshots and descriptions, the developers are responsible for the information in this section of their app and its accuracy. Google Play policies require the information in this section to be accurate. Any misrepresentation of data by the developer will be treated as a violation of Google Play rules, which means that an app may be removed from Google Play if it does not properly or accurately disclose the data it collects and the processing it does. she does.

An approach that was not well received

However, according to cyber security experts, removing permissions list does not seem like a good privacy decision at all. At first glance, the data security entries might look quite similar to the old list of app permissions. There are things like “location” in there, and in some ways it’s better than just a list of permissions, because developers can explain how and why each piece of data is collected. However, the difference is how this data ends up in Google’s system.

Specifically, the old list of app permissions was guaranteed to be factual. For good reason, it was built automatically by Google when analyzing an application. The new “Data Security” section, on the other hand, operates on the principle of honour. Here’s Google’s explanation to developers on how the new section works: “You are solely responsible for the complete and accurate statements you make in your app’s listing on Google Play. Google Play reviews apps against all policy requirements.

“Nevertheless, we cannot determine, on behalf of the developers, how they handle user data. Only you have all the information necessary to complete the data security form. When Google becomes aware of a discrepancy between your app’s behavior and your statement, we may take appropriate action, including enforcement action. In April, it was not entirely clear that the permissions section would disappear when the new “Data security” section was launched.