News of a "massive" privacy issue with the Google Android Play Store was reported today by several popular news sites and blogs including Reddit, Daring Fireball, ZDNet, and news.com.au.
The controversy is around how Google automatically shares detailed personal information of everyone who purchases a paid app with the app's developer.
I first noticed this back in July 2012:
Other well-known Android developers posted about this in November 2012. A Google employee replied to one of these posts explaining the situation:
With Apple's App Store you buy the apps from Apple. With Google Play you buy the apps from the developer. If you are the merchant of record you need to know the address to correctly compute sales tax.
This is documented on http://support.google.com/googleplay/android-developer/bin/answer.py?hl=en&answer=138000.
Google cannot give tax advice, so we have to give you the data to make the determination yourself.
This makes sense, but is not clearly communicated to users or developers.
When you buy a physical product online you obviously need to share your address with the seller, and the checkout flow makes this very clear. When buying an Android app, there's no indication that any of this information is shared, and the buyer has no opportunity to select which address or phone number to use for the purchase.
Apple set a very high bar for privacy when they launched the App Store: Developers are given zero information about customers. When Google copied it to create the Android Market, expectations had already been set.
The Android Market didn't initially support paid apps, and it always seemed that support for paid apps was hastily bolted on. For example: when someone "returns" your app within the 15 minute window, the developer receives an email reminding them not to "process or ship this order", which clearly makes no sense.
There's also no email when someone successfully buys your app, which might actually be useful. And, like Apple, Google offers absolutely no information to developers about who downloaded free apps, so there's a huge gap between the two cases. Because the entire experience of purchasing Android apps is so sloppy, it's not unreasonable to assume that this privacy issue was actually an oversight.
Google should follow Apple's lead and offer users and developers better privacy protection.
UPDATE 2013/02/26: This post was picked up by The Guardian, which notes that the full address and phone number are not actually available. I am unsure whether this changed since last year or whether I made a mistake.
But that does not explain why it passes on buyers' names and email addresses, which together with a postcode could be used to identify a person's location and address.
This is true: it's quite easy to track someone down with even a small amount of information. This is made even easier by what appears to be a bug in the Google Checkout dashboard for app developers: if you search for an address, matching orders are returned even though this information is not displayed.
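To illustrate the bug described above, here is an added toy dashboard search (not code from this post, from Google, or from the Checkout dashboard; all orders and names are constructed): matching on stored fields that are never rendered turns the search box into an oracle for that data, while the hardened version only searches displayed columns, and an audit helper checks whether any hidden field can be confirmed through search.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Order:
    order_id: str
    buyer_name: str
    buyer_email: str
    address: str   # stored for tax purposes, never rendered in the dashboard
    postcode: str

# Constructed sample orders (hypothetical, not real buyers).
ORDERS = [
    Order("ORD-1", "Alice Example", "alice@example.com", "1 Sample Street", "AB1 2CD"),
    Order("ORD-2", "Bob Example", "bob@example.com", "2 Test Lane", "XY9 8ZW"),
    Order("ORD-3", "Carol Example", "carol@example.com", "3 Demo Road", "AB1 2CD"),
]

# Columns the dashboard renders for each order; everything else is hidden.
DISPLAYED_FIELDS = ("order_id", "buyer_name", "buyer_email")

def search_orders_leaky(orders, query):
    """Matches the query against every stored field, including ones the UI
    never shows, so searching for a postcode returns the matching orders."""
    q = query.lower()
    return [o for o in orders if any(q in str(v).lower() for v in vars(o).values())]

def search_orders_hardened(orders, query, displayed=DISPLAYED_FIELDS):
    """Searchable fields are a subset of displayed fields, so search cannot
    reveal anything the dashboard does not already show."""
    q = query.lower()
    return [o for o in orders
            if any(q in str(getattr(o, f)).lower() for f in displayed)]

def render(order, displayed=DISPLAYED_FIELDS):
    """The row the dashboard shows: displayed fields only."""
    return {f: getattr(order, f) for f in displayed}

def hidden_field_oracle(search_fn, orders, displayed=DISPLAYED_FIELDS):
    """Audit helper: probe search_fn with each hidden value and report the
    hidden field names whose values can be confirmed through search."""
    leaking = set()
    for o in orders:
        for field, value in vars(o).items():
            if field in displayed:
                continue
            hits = search_fn(orders, str(value))
            if any(r.order_id == o.order_id for r in hits):
                leaking.add(field)
    return sorted(leaking)
```

The same audit can be run against any search endpoint that sits in front of a table with hidden columns: if a hidden value round-trips through search, the field is effectively disclosed.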
It's also worth noting that when you purchase an app, you can definitely see the developer's address and (sometimes) phone number. Not a problem for a company with an office, but possibly unsettling for many hobbyists.