It was discovered last week that a major flaw may exist in the Google Play Store where developers would have access to customer information from those who download and purchase apps on the Play Store. Paul Keating, who created the Insult Generator, discovered that he was able to access a customer’s name, address, and email address for everyone who purchased his apps. The story quickly gained traction in Australia and worldwide where industry watchers see this as a major flaw as developers should not have access to this information.
A potential danger in having this information is that developers who finds that customers had left negative or non-positive reviews could use the customer’s email address to communicate with and harass said customer in a retaliatory act.
Another danger is that if a developer does not have security policies in place in handling customer information, a security breach could potentially see personal information being acquired by the wrong hands.
The disclosure of customer information was not published in the Play Store’s terms of service nor to developers.
However, Google apparently did not view this issue as a flaw. According to AppleInsider, the company has asked Australian news site News.com.au to amend its headline to remove the word flaw:
“For the people asking how the story was amended: Despite the fact that Google refused to comment on the record, I was asked to change the headline (both the homepage headline and SEO headline inside the story), as well as the standfirst and lead (first paragraph). Google’s issue was with the use of the word ‘flaw.’ Apparently a system that is designed to share users information with developers without their knowledge or permission and without explicitly saying so in any terms of service is not considered to be a flaw.”-Claire Porter, author, News.com.au
For comparison, Apple does not give its developers any access to customer information and the company provides developers with little, if any, specific information from customers.
Google so far has not offered any on the record comment and it’s unclear if Google will either amend its practices or its service agreement with customers to alert future customers that when they download or purchase an app, their personal information will be sent to the developers of that app.