Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Store Sends User Information To App Developers

timothy posted about a year and a half ago | from the always-the-first-to-know dept.

Google 269

Several readers have passed on news of a privacy hole in the Google app store. Reader Strudelkugel writes with the news.com.au version, excerpting: "Every time you purchase an app on Google Play, your name, address and email is passed on to the developer, it has been revealed today. The 'flaw' — which appears to be by design — was discovered this morning by Sydney app developer Dan Nolan who told news.com.au that he was uncomfortable being the custodian of this information and that there was no reason for any developer to have this information at their finger tips."

cancel ×

269 comments

"Flaw"? (5, Insightful)

elephant_hunter (814983) | about a year and a half ago | (#42900487)

Today I learned that app developers don't deserve to be treated like real merchants

Re:"Flaw"? (5, Insightful)

Anonymous Coward | about a year and a half ago | (#42900579)

Hey, go build your app store and sell your apps...until you do no...your not a merchant...your a supplier. Google App store is the merchant.

You seem to not understand your role here. You are not the making the sale. Google is. You simply getting your book/album/software distributed by a merchant. /really is that simple

Re:"Flaw"? (5, Informative)

dagamer34 (1012833) | about a year and a half ago | (#42900639)

If this were the iOS or Windows Phone stores, then yes, that would be true. But with Google Play, the developer actually IS the merchant. The Play Store itself is only an intermediary. The system is setup like any other online store where there are "ordered" and goods are "shipped". Blame the fact that Google basically grafted the paid Android store onto a system that was meant for real-world goods. Honestly though, this isn't news. Every Android developer has known this for YEARS. And this is no different than any other online store out there.

Re:"Flaw"? (4, Insightful)

node 3 (115640) | about a year and a half ago | (#42901087)

If this were the iOS or Windows Phone stores, then yes, that would be true. But with Google Play, the developer actually IS the merchant.

The problem here is that it's not presented that way. The Play Store appears, to the customer, exactly like any other storefront. If it's really more like a flea market with individual merchants all collected together under one roof, instead of like a retail store, then this is something that is not only obscured to the buyer (which is a gross deception), it's also not even obvious to the developers, who seem quite surprised to receive this amount of info.

The Play Store itself is only an intermediary. The system is setup like any other online store where there are "ordered" and goods are "shipped". Blame the fact that Google basically grafted the paid Android store onto a system that was meant for real-world goods.

I blame the fact on the combination of Google not caring one whit about end user privacy, coupled with Google's greatest strength: they do things in the quick-and-dirty somewhat Unix-style. Instead of creating a monolithic retail system, they slap together a few subsystems and call it a day.

This is a strength when it comes to flexibility and speed of execution, but is a weakness when it comes to making something consistent and reliable for the user. I prefer products with well thought out designs, where every detail is worked over and refined, but I do also understand the appeal of the infinitely flexible. I won't tell anyone which they should prefer, but I will say that end users are being presented something that doesn't match the reality of the system being presented.

Honestly though, this isn't news. Every Android developer has known this for YEARS. And this is no different than any other online store out there.

The developers have known this, but this has been unknown to the users. I had no clue this happened (but assumed Google was nowhere near as protective of my privacy as Apple, so have kept that in the back of my mind when using the Play Store).

However, I really would have greatly preferred to know this ahead of time. This isn't some design detail which needn't be exposed to the end user, but something that really needs to be openly and clearly made aware of. For me, this is a breach of trust, and while I won't eschew Google's services altogether because of it, I also won't quickly forget this breach either.

Re:"Flaw"? (2)

interval1066 (668936) | about a year and a half ago | (#42901429)

they slap together a few subsystems and call it a day

Still doesn't explain why customer info is sent to developers. This is acwillful greach of consumer trust on the part of google. I don't see how else it could be spun.

Re:"Flaw"? (0)

Anonymous Coward | about a year and a half ago | (#42901185)

So, you leave your personal information to every restaurant you visit, every store you shop in?

Re:"Flaw"? (2)

Andy Prough (2730467) | about a year and a half ago | (#42901249)

Depends - do you pay with credit card or cash?

Re:"Flaw"? (2)

daniel78 (2563977) | about a year and a half ago | (#42901199)

out of mod points, but parent is 100% correct.

It's a stupid set up (no doubt an attempt to protect Google from being blamed for what's in their store) and is a huge pain for many reasons. But its not a "privacy hole", and was not "discovered this morning".

Re:"Flaw"? (4, Interesting)

samkass (174571) | about a year and a half ago | (#42901339)

If this were the iOS or Windows Phone stores, then yes, that would be true. But with Google Play, the developer actually IS the merchant. The Play Store itself is only an intermediary. The system is setup like any other online store where there are "ordered" and goods are "shipped". Blame the fact that Google basically grafted the paid Android store onto a system that was meant for real-world goods.

Honestly though, this isn't news. Every Android developer has known this for YEARS. And this is no different than any other online store out there.

Apple does not give you a 1099-- you are the seller, and Apple is acting only as an intermediary. That being said, Apple does not share ANY of this information with publishers. Even magazine sellers via Newsstand on an iOS device can only receive customer information if the customer opts-in to it. Apple's profit model is to sell more devices, and keeping strict privacy guarantees for customers helps sell devices. Google's profit model is to sell advertising, so people expect far less protection from Android. But legally they're both intermediaries between the buyers and the sellers.

Re:"Flaw"? (5, Insightful)

elephant_hunter (814983) | about a year and a half ago | (#42900677)

Hey, go build your app store and sell your apps...until you do no...your not a merchant...your a supplier. Google App store is the merchant.

You seem to not understand your role here. You are not the making the sale. Google is. You simply getting your book/album/software distributed by a merchant. /really is that simple

Does that mean that people who sell apps on Amazon or eBay aren't merchants either?

You're the one who seems not to understand. The middle man doesn't matter. If I am making a transaction with a customer, I am a merchant.

Re:"Flaw"? (2)

Anonymous Coward | about a year and a half ago | (#42901173)

>If I am making a transaction with a customer, I am a merchant.

Really? You clear the customer's credit card? I thought the way these stores worked is that you supply Amazon/Google/etc with product and Amazon/Google/etc pays you when that product sells.

Re:"Flaw"? (0)

Anonymous Coward | about a year and a half ago | (#42900941)

I hope English is your second or third language.

Re:"Flaw"? (2, Informative)

CanHasDIY (1672858) | about a year and a half ago | (#42900593)

Today I learned that app developers don't deserve to be treated like real merchants

They aren't - Google Play is the merchant, the developers are the manufacturers.

Personally, I'd rather not have my contact information sent to the manufacturer of every product I buy.

Precisely (0)

Anonymous Coward | about a year and a half ago | (#42900959)

Precisely. This is akin to buying a coffee maker at Walmart and then Walmart sends your contact information to Black+Decker.

But, wait, there's more! Black+Decker now knows every time you make a cup of coffee, thanks to the ad system tied into the coffee maker. They also know what type and brand of coffee you're getting each time.

Now many will argue that they don't care who knows what about their coffee. But, I care and neither Walmart nor Black+Decker disclosed this leakage.

The simple matter is that Black+Decker does not need to know, so I take offense to them superstitiously extracting that information. Additionally, my coffee preferences are just one more detail of my life that is being assembled into a cohesive profile of details from all sorts of sources who acquired minor details without me knowing or accepting that they would be combined with all the other details for other sources. Said profile will then be used against me to market, possibly coerce, targeted usury pricing, exclusion from service, or who-knows-what other unanticipated consequence.

Google(Walmart) should not me giving my information to Rovio(Black+Decker)!

Re:Precisely (1)

NatasRevol (731260) | about a year and a half ago | (#42901317)

I had to lol at "superstitiously".

Re:"Flaw"? (5, Informative)

daniel78 (2563977) | about a year and a half ago | (#42901069)

This is simply not true. Stupid as it may seem, Google has set up the Play store so that they are merely the "card processor". I agree that it seems a bit of a stretch, but that's the way it is. As such, the app developer really is the merchant. That's why you get receipts (via google checkout) from Joe Bloggs LLC rather than from Google itself.

Re:"Flaw"? (2)

CanHasDIY (1672858) | about a year and a half ago | (#42901333)

This is simply not true. Stupid as it may seem, Google has set up the Play store so that they are merely the "card processor". I agree that it seems a bit of a stretch, but that's the way it is.

Hence the reason Google doesn't see it as a flaw - it's precisely how the system was designed to work.

However, that does not change the fact the system itself is a flawed process that ignores the conventional consumer/merchant relationship.

Re:"Flaw"? (2)

tknd (979052) | about a year and a half ago | (#42901203)

They aren't - Google Play is the merchant, the developers are the manufacturers.

And you're incorrect. If Google Play was the merchant, then they would collect sales tax on my behalf, but Google has chosen to put this weight on the "manufacturer" therefore I as a developer become a "merchant" and Google Play is nothing more than a distribution mechanism and marketplace. This is why I receive information about customers and their locations so I can correctly compute taxes.

Re:"Flaw"? (1)

CanHasDIY (1672858) | about a year and a half ago | (#42901439)

No, they're still the merchant by technicality (and legality) [wikipedia.org] , it's just that they've off-loaded much of the responsibility (and thus, risk) onto the manufacturers of the product they sell.

A merchant is a businessperson who trades in commodities that were produced by others, in order to earn a profit;
 
In the United States, "merchant" is defined (under the Uniform Commercial Code) as any person while engaged in a business or profession or a seller who deals regularly in the type of goods sold. Under the common law and the Uniform Commercial Code in the United States, merchants are held to a higher standard in the selling of products than those who are not engaged in the sale of goods as a profession/career.

Re:"Flaw"? (0)

BasilBrush (643681) | about a year and a half ago | (#42901469)

Sounds like a pain. Apple do all that for you with their store.

Re:"Flaw"? (0)

Anonymous Coward | about a year and a half ago | (#42901253)

So I take it you never ever registered a product you purchased?
So if your big screen TV goes out four months after you purchased it - hey you don't need no stinking warranty support of service! You'll just pay for a new one right?

Re:"Flaw"? (1)

blueg3 (192743) | about a year and a half ago | (#42901463)

Damn, I came here to say this. There is a direct real-world analog: Google is operating the store and selling products on behalf of suppliers. They're the only ones that have direct customers.

Re:"Flaw"? (1)

CanHasDIY (1672858) | about a year and a half ago | (#42901585)

Exactly - Google is Walmart, the developers are P&G, Sony, Schwinn, and every other product manufacturer who sells their goods in Walmart.

The fact that Google offloads the responsibility of charging sales tax to the manufacturers is of no consequence to the point.

And why would that be? (5, Insightful)

Let's All Be Chinese (2654985) | about a year and a half ago | (#42900667)

Real merchants don't "deserve" your personal details any more or less than appstore merchants. There may be a need to take your address for shipment, and in that case a phone number, email adress, or even additional shipment instructions may be useful. But they ought not be required without good reason.

Note that credit cards muddle the picture by virtue of being a credit facility: You haven't actually paid yet so you are in debt and those obligations add identification requirements. Though strictly speaking all the merchant is supposed to do is pass it on to the credit facility for turning into money, and passing it in the clear is rather outdated, and well-known to be dangerous. Without credit as in payment by cash there and then, much of the need to identify you personally goes away.

That this information is useful for profiling and all sorts of marketeering and so it's nice to gather, well, plenty furrin places you're not even allowed to do that. I'd say the practice to pass on information that really isn't needed is a dangerous habit that needs reconsideration.

N'mind that it may possibly be useful to send emails in case of updates or whatnot. Passing that information automatically without need is a flaw, yes. Even if done by design.

Re:"Flaw"? (1)

mikes.song (830361) | about a year and a half ago | (#42900733)

This! I've sold software on Google Checkout/Wallet since day one, and always expect/demand customers data. I would like to get data from iOS sales too! This developer needs to get a job.

Re:"Flaw"? (3, Informative)

Anonymous Coward | about a year and a half ago | (#42900795)

I would like to get data from iOS sales too!

Speaking as an iOS user, I don't want you spamming me.

Re:"Flaw"? (2)

CanHasDIY (1672858) | about a year and a half ago | (#42900921)

This! I've sold software on Google Checkout/Wallet since day one, and always expect/demand customers data.

What apps? I want to make sure I don't fuck up and give a scammer my personal info by accidentally buying one.

Re:"Flaw"? (1)

gstoddart (321705) | about a year and a half ago | (#42900923)

This! I've sold software on Google Checkout/Wallet since day one, and always expect/demand customers data.

Then tell us the name of your software, and we'll be sure not to buy it. Betting you'll not want to do that.

You're selling something through a 3rd party, all you need to know is how much money is owed to you.

Budweiser doesn't need to get notified if I buy some of their beer.

The expectation of these stores is I'm only entering into a business arrangement with the store who sells your product, and not you.

Re:"Flaw"? (1)

msclrhd (1211086) | about a year and a half ago | (#42901299)

The only other information that is useful is generic information. Specific information (name, address, credit card numbers, etc.) the app developers (me included) do not need -- they are only useful to Google Play/Checkout/Wallet handling the purchase transactions on the app developers behalf.

The language you are running the phone in could be used to prioritize/target translations of the application. The version of Android could be used to concentrate testing. Tablet vs. phone as well as screen sizes can give an indication of where to improve UI layout and presentation (although the devs should still ensure it is at least functional on those setups). The device the app is installed on can be useful for tracking down bugs and if a particular device is popular for the app, the dev can purchase one to focus testing.

The only other information is app specific -- e.g. what functionality of the app is being used / where people are spending most of their time. This allows the devs to either remove the functionality (no-one wants it) or figure out how to make it more discoverable (no-one knows it's there). This also applies to help -- which help pages are being read the most (indicating a usability/discoverability issue).

Re:"Flaw"? (1)

BasilBrush (643681) | about a year and a half ago | (#42901587)

Is the device detail known to to App Store? Isn't an app bought for an account rather than a particular device?

I'm thinking it's app usage data that's needed, not purchase data.

Have you taken a look at Flurry, and the other analytics packages? I must admit I haven't got round to looking closely yet, so I'm not sure whether there's a real or perceived negative privacy implication to it.

Re:"Flaw"? (1)

NatasRevol (731260) | about a year and a half ago | (#42900953)

Can you please explain to me why you need my physical address to sell me an app?

Re:"Flaw"? (4, Insightful)

node 3 (115640) | about a year and a half ago | (#42901171)

This! I've sold software on Google Checkout/Wallet since day one, and always expect/demand customers data. I would like to get data from iOS sales too! This developer needs to get a job.

If you want my data, you are free to ask me for it. I'm quite offended to hear you "expect/demand" it. Why? It belongs to me, and if you want it, you may ask. If it's for income, just ask me to pay what your product is worth instead of tricking me with a low price and making up the difference with the theft of my personal data.

This is exactly why I prefer Apple's iOS ecosystem. I know what I'm getting into, and am in full control over my personal data. I'm much more happy to part with a bit more money than with most of my privacy.

Re:"Flaw"? (0)

Anonymous Coward | about a year and a half ago | (#42901181)

you have absolutely no need for that information. go suck hairy droopy donkey balls.

Re:"Flaw"? (4, Insightful)

gstoddart (321705) | about a year and a half ago | (#42900815)

Today I learned that app developers don't deserve to be treated like real merchants

If you buy ketchup at a grocery store, do they send your personal information to Heinz?

Of course they don't.

The app developers don't need to know anything more than how much they get paid. And in some cases, if Google is doing this -- it would be considered illegal.

This is just colossal stupidity, there's no reason those companies should be getting any of this information.

Re:"Flaw"? (0)

Anonymous Coward | about a year and a half ago | (#42901647)

If you use PayPal to check out on ebay or another online shop do they pass your information to the retailer?

Yes, yes they do. Google is just the payment processor on the play store.

This is old "news". Every app developer has known this since the very first androids rolled out.

Re:"Flaw"? (1)

kllrnohj (2626947) | about a year and a half ago | (#42901681)

Except your analogy is off by one. In this case:

store you're buying from == app developer
credit card processor == google checkout

You aren't buying from Google, Google is merely handling the credit card processing. Just like hundreds of thousands of stores offload their credit card processing to 3rd party companies.

Is it stupid? Yes, definitely. But it's doing the same thing the rest of the world does, with the exception of Apple.

Re:"Flaw"? (4, Insightful)

node 3 (115640) | about a year and a half ago | (#42900863)

Coke doesn't get my name when I buy their products in a store or at a restaurant. Levi doesn't either. Nor does Adobe when I buy their software at Best Buy. Or Lenovo or Microsoft or Sony. Neither does Rovio when I buy their apps on the App Store.

The problem here is that Google really doesn't care at all about privacy. It's not part of their corporate culture, and it can't be, when their entire business model is centered around exploiting data, not protecting it. Primary to any Google service is Google's wholesale commercial access to every bit of data you provide. Privacy is then applied secondarily, usually in the sense of keeping the personal data within Google's proprietary control, and only releasing aggregated and somewhat anonymized data to third parties, but that's just an afterthought. It's window dressing to make the initial privacy violation more digestible. Which for most of us here, it is... up to a point.

There are many things to like about Google, and I'm sure many here will (quite hypocritically) give up privacy in order to keep using the things they do like. I have no problem with this tradeoff if made knowingly, though it is annoying to hear people harp on with Benjamin Franklin quotes, then sell him down the river as fits their fancies.

It's things like this which makes Apple's system so appealing for many. With Apple, you can trust that your privacy is an inherent part of the system. With Google, you privacy is inherently compromised from the get-go. Even MS is miles ahead of Google with regards to privacy, and MS has historically been one of the most cynically profit-driven companies to ever exist!

Anyway, to your point, the developers already have my money. That's all they deserve from the transaction. If they want my name, email address, and location, they can ask for it. And if I'm willing to grant it, they can have it. Otherwise, they'll just have to settle for my money, which should be more than sufficient. If it's not, they can raise their prices, as I'd much rather pay up front for the things I use, rather than be on the hook with hidden costs that, unlike my checkbook, are often out of my control.

Re:"Flaw"? (0)

Anonymous Coward | about a year and a half ago | (#42901329)

There is nothing google provides that you cannot get elsewhere. Other than the sense that someone's watching you, of course.

Re:"Flaw"? (0)

Anonymous Coward | about a year and a half ago | (#42901527)

XMFD @ trusting Apple over Google. They're both interested in your data for a variety of reasons. Get your head out of the sand.

You're kidding yourself (1)

aybiss (876862) | about a year and a half ago | (#42901575)

All arguments about this particular situation aside, it's stupid to point your finger at a particular technology company and say "bad privacy!!1!".

Your credit card company knows what you buy and where you live. The checkout chick at Woolies/Kmart/Whatever can know your name when you hand over the card. eBay has a record of everything you've purchased (and when, and from whom...). Anyone at all you've dealt with could be storing your previous address. Need I go on?
 
...and don't even get me started on store loyalty cards!

I thought it was creepy, yeah... (4, Insightful)

seebs (15766) | about a year and a half ago | (#42900489)

It did seem a little... more information than I really needed, yes.

I sort of assumed everyone knew, because when has Google ever cared about privacy?

Re:I thought it was creepy, yeah... (2, Insightful)

BasilBrush (643681) | about a year and a half ago | (#42900619)

Indeed, I can't say I'm surprised. Google has no respect for privacy, and that's the reason I don't use any of their products any more.

Re:I thought it was creepy, yeah... (-1)

Anonymous Coward | about a year and a half ago | (#42901117)

So how do you search for stuff online?
Bing uses Google, and Yahoo and DuckDuckGo use Bing.
What obscure search engine are you using?

Re:I thought it was creepy, yeah... (2)

sqrt(2) (786011) | about a year and a half ago | (#42901551)

That's the first I've heard of DDG being a Bing intermediary. Even if they are, what does it matter if my queries are anonymized?

Re:I thought it was creepy, yeah... (-1, Flamebait)

MrHanky (141717) | about a year and a half ago | (#42901239)

Actually, you never cared that much about privacy either, but since you're a massive Apple fanboi, you feel the need to rip into their main competitor for whatever reason.

this is stupid (2, Insightful)

Anonymous Coward | about a year and a half ago | (#42900503)

literally every single person that's ever sold at least one app on the app store since the beginning of the app store has "discovered" this

Re:this is stupid (4, Insightful)

the computer guy nex (916959) | about a year and a half ago | (#42900529)

literally every single person that's ever sold at least one app on the app store since the beginning of the app store has "discovered" this

The problem is literally (almost) every single person that has ever purchased an app doesn't know this, and those people outnumber the developers.

No reason for him != No reason for any developer (1)

Dynedain (141758) | about a year and a half ago | (#42900515)

no reason for any developer to have this information at their finger tips.

No reason of course unless you want to be able to verify the app purchase before providing support.

But considering how many malicious or spoof apps have been on the Android store, I'd be worried too.

Does not help with that (2)

SuperKendall (25149) | about a year and a half ago | (#42900623)

No reason of course unless you want to be able to verify the app purchase before providing support.

Many people sent up junk email accounts specifically for using with things like app stores - you cannot rely on the email the user bought under being the one they would use for support.

But really the concept of checking is outmoded - real customer service is helping whoever asks, however they came by the app. If you have an overload of customer support then it probably means you need better app design, not more ways to put gates up in front of people using your app that need help.

As an iOS developer I've never been bothered by not being given customer contact info from Apple, because if they like your app enough they will give that information freely. You just have to provide some means to collect it.

Re:Does not help with that (2)

Dynedain (141758) | about a year and a half ago | (#42900807)

Many people sent up junk email accounts specifically for using with things like app stores - you cannot rely on the email the user bought under being the one they would use for support.

When a support request comes in, you can ask "what email address do you use for your Google Play account" and move on from there. It's pretty hard to ask for a serial number or other unique identifying information if the user can't get into the app.

But really the concept of checking is outmoded - real customer service is helping whoever asks, however they came by the app.

Tell that to Redhat or any number of open-source companies that survive on charging for support on their otherwise free product.

Re:Does not help with that (2, Interesting)

SuperKendall (25149) | about a year and a half ago | (#42901661)

When a support request comes in, you can ask "what email address do you use for your Google Play account" and move on from there.

What a great way to piss off customers. Good luck with that.

If they are asking you questions about your app pretty obviously they are users, therefore they should get help. It's called "customer service" and it pays off even if they did not pay for your app. A happy customer that didn't pay is still just as good at providing good worth of mouth for future sales.

Tell that to Redhat or any number of open-source companies that survive on charging for support on their otherwise free product.

That's a totally different case where obviously they live on support. Of course they are not going to help people for free.

No app (that I know) could possibly use support as a business model. It's a bad idea because the average user needing support means, hands down, that you failed in app design to build an app people can use.

App makers get money (currently) off ads or outright charging for the app. Either way they are better off just helping whoever asks, rather than turning people away and being miserly with advice.

The fact that you were modded up illustrates just why it's so easy for a smart app developer to make money these days, because all you have to do is build something decent and not be an asshole to your customers. That would seem to be a high bar indeed for many technical people.

Comment? No comment. (4, Interesting)

ljw1004 (764174) | about a year and a half ago | (#42900537)

From the article:

Google has not responded to news.com.au's request for comment.
UPDATE: This story has been amended at the request of Google.

So has Google responded or not?

Re:Comment? No comment. (1)

MikeBabcock (65886) | about a year and a half ago | (#42900611)

The author of the article points out that Google didn't like the term 'flaw' in the title and beginning of the article, that's all.

Re:Comment? No comment. (0)

Anonymous Coward | about a year and a half ago | (#42901003)

That's 'all'?

Just journalistic integrity.

Re:Comment? No comment. (3, Interesting)

gstoddart (321705) | about a year and a half ago | (#42901215)

The author of the article points out that Google didn't like the term 'flaw' in the title and beginning of the article, that's all.

Do no evil. When caught, redefine evil.

Looks like I won't be getting any more apps on my Android phone, because I did not consent to that data being provided to anybody other than Google, and where I live, that's illegal.

Re:Comment? No comment. (1)

Guppy06 (410832) | about a year and a half ago | (#42901309)

"It's not a bug, it's a feature!"

--Google.

Re:Comment? No comment. (3, Informative)

CanHasDIY (1672858) | about a year and a half ago | (#42900615)

Author comment from TFA:

For the people asking how the story was amended: Despite the fact that Google refused to comment on the record, I was asked to change the headline (both the homepage headline and SEO headline inside the story), as well as the standfirst and lead (first paragraph). Google's issue was with the use of the word "flaw". Apparently a system that is designed to share users information with developers without their knowledge or permission and without explicitly saying so in any terms of service is not considered to be a flaw. I have no problem amending stories if they are factually incorrect but the fact is neither developers nor customers were aware of this information sharing and Mr Nolan is not the only developer to express concern over having this information at his disposal. There's little reason app developers should have this information. If Google was going to share this information they should have been clear about this from the start. Hope this clears things up.

Re:Comment? No comment. (1)

EasyTarget (43516) | about a year and a half ago | (#42900773)

... without their knowledge or permission and without explicitly saying so in any terms of service...

What is the betting the terms of service implicitly say they can share purchaser data with the developers. And the above line is relying on purchaser ignorance and the word explicit to worm around this.

Re:Comment? No comment. (1)

tipo159 (1151047) | about a year and a half ago | (#42900669)

From the article:

Google has not responded to news.com.au's request for comment. UPDATE: This story has been amended at the request of Google.

So has Google responded or not?

That would indicate that Google has not issued a public comment in response to the story. That doesn't preclude Google from reviewing the story and requesting a change.

How is this a big deal? (2)

MikeBabcock (65886) | about a year and a half ago | (#42900603)

Alright, so the Play Store should probably tell you that your personal information is about to be given to whomever you purchase an app from, but seriously, this is already true for every Paypal or credit card purchase you've ever made too.

Re:How is this a big deal? (1)

Anonymous Coward | about a year and a half ago | (#42900911)

Right, if it would be Apple it would be called adressgate.

gSheep apologists. Fandroid relativization at it's finest. Hypocrites.

Re:How is this a big deal? (3, Informative)

TraumaHound (30184) | about a year and a half ago | (#42900931)

this is already true for every Paypal or credit card purchase you've ever made too

It's not true (and shouldn't be true) for digital purchases. Apple doesn't provide developers with any personal customer information for app purchases. Valve doesn't for Steam purchases. Amazon doesn't for digital software purchases. Microsoft doesn't for app or Xbox purchases.

Google is unique in this regard and not in a good way.

Re:How is this a big deal? (1)

fermion (181285) | about a year and a half ago | (#42901031)

I can see how my name and email would be sent to developers on the Google Store. It is not like iTunes where Apple controls everything. However, why my adress? When I download something, there has to be an adress associated with my credit card, but I assume that information is not kept on file. When I use a credit card at a random brick and mortar merchant, they make check my ID, but there is not expectation that the sales person is memorizing my personal information and writing it down as I leave.

I am not delusional to think I am so important or attractive that someone having my address will lead to stalking or criminal activity, but most of us do not broadcast our address in this manner. It is one big advantage of not having a land line.

It is just another example of Google being a bit too free with personal information.

Re:How is this a big deal? (0)

Anonymous Coward | about a year and a half ago | (#42901683)

Yeah but what you buy via Paypal or CC doesn't carry the potential to continually track your life and otherwise invade your privacy like a smartphone app can. It really is different.

Imma writing a new app (0)

sl4shd0rk (755837) | about a year and a half ago | (#42900607)

called.. HotChicksOnly

Imma nota falla for that again (-1)

Anonymous Coward | about a year and a half ago | (#42900775)

Imma seeing reviewsa they fatta and hava penis

You should see what itunes gives to app developers (0)

Anonymous Coward | about a year and a half ago | (#42900621)

It's even worse.

Re:You should see what itunes gives to app develop (0)

Anonymous Coward | about a year and a half ago | (#42901053)

Yeah they get nothing.

What About Freebies (2)

CanHasDIY (1672858) | about a year and a half ago | (#42900633)

The article states several times that this applies to paid-for apps, but what about free ones?

Re:What About Freebies (1)

Megahard (1053072) | about a year and a half ago | (#42900701)

I don't think so, I have a free app and there's no merchant account section in my google play account as described in TFA.

Re:What About Freebies (2)

Niris (1443675) | about a year and a half ago | (#42900879)

Yeah it only shares that information if you're selling a paid app. For free apps, it just sits in your development console and you see how many are installed/downloaded each day.

Re:What About Freebies (1)

the computer guy nex (916959) | about a year and a half ago | (#42900721)

The article states several times that this applies to paid-for apps, but what about free ones?

Downloading a free app does not transmit this information to the developer.

Problem is Google Checkout was rigged on top of Google Play. Was rushed out to follow the App Store. It has never been optimized for digital purchases.

That Depends (0)

Anonymous Coward | about a year and a half ago | (#42901025)

They share information regardless of the app's cost.

Your question should be: is the account you are using an anonymous throw away account, for free apps? If so, it doesn't matter if they share.

Or, are you using a personally identifiable account with real information and a credit card number? If so, you may take issue with the sharing, as I do.

And this is a surprise how? (2, Informative)

dryriver (1010635) | about a year and a half ago | (#42900663)

Google logs the private search data of billions of people across the world, and voluntarily pipes all of it to various 3 letter agencies in the U.S. ---- Google has no understanding of what privacy is, had not had an understanding of what privacy is, and will likely never have an understanding of what privacy. ----- Google is a spying machine disguised as a useful search engine. Period. ----- None of what they are doing on their app store is thus terribly surprising. Google suxxors at protecting your privacy. Something we all have to live with (... and the reason I personally don't use Google's services anymore).

Re:And this is a surprise how? (1)

93 Escort Wagon (326346) | about a year and a half ago | (#42901111)

I take issue with your statement "Google has no understanding of what privacy is". They understand it perfectly well, and know that it gets in the way of their business model.

Re:And this is a surprise how? (1)

SirGarlon (845873) | about a year and a half ago | (#42901599)

Google has no understanding of what privacy is,

On the contrary, Google knows exactly what privacy is, and their entire business model is built around making sure you don't have it.

Re:And this is a surprise how? (4, Informative)

kllrnohj (2626947) | about a year and a half ago | (#42901609)

and voluntarily pipes all of it to various 3 letter agencies in the U.S

Bull. Fucking. Shit.

Google only hands over data when legally required to and documents complied requests publicly: http://www.google.com/transparencyreport/userdatarequests/ [google.com]

And FYI, every web server logs every request you make - that's web server admin 101.

I'm prepared for just such a situation (3, Insightful)

Trax3001BBS (2368736) | about a year and a half ago | (#42900693)

http://www.fakenamegenerator.com/ [fakenamegenerator.com] I just keep re-rolling until I get a zip code that's close.
Then use that information to fill out forms and accounts; keeping it on file for future reference.
My security doesn't stop at a HOSTS file and malware protection. But I use Gmail for
all of these accounts so it's not perfect.

Stupid (-1)

Anonymous Coward | about a year and a half ago | (#42900703)

This is not news, this is simply stupid. Of course devs get details of THEIR PAYING CUSTOMERS, what's wrong with that?

Re:Stupid (1)

CanHasDIY (1672858) | about a year and a half ago | (#42900825)

This is not news, this is simply stupid. Of course [Your Local Sleazy Porn Store] get[s] details of THEIR PAYING CUSTOMERS, what's wrong with that?

Do you really need me to explain it?

Re: Stupid (1)

cyber-vandal (148830) | about a year and a half ago | (#42900865)

Why do they need my name and address? They're not shipping me anything.

Re: Stupid (1)

godrik (1287354) | about a year and a half ago | (#42901711)

Why do they need my name and address? They're not shipping me anything.

I wish they [google.com] did!

Cloud computing (1)

andrew3 (2250992) | about a year and a half ago | (#42900711)

And the culprit here is... cloud computing (or clown computing). It's absurd that you have to give up your identity to download software in the first place. Because Google is in charge of the data, they can do what they want.

I'm sure now that it's been pointed out they will fix it, to keep the users happy. But that's besides the point. None of those users gave their own data to the developers. Users deserve better!

Clown computing (0)

Anonymous Coward | about a year and a half ago | (#42900851)

And the culprit here is... cloud computing (or clown computing)

Holy shit! That is the most relevant, creative pun I've ever heard! It makes sense because we're all clowns! Using computers! You deserve the king of puns award!

Like giving Sony my info for buying at Best Buy. (3, Interesting)

concealment (2447304) | about a year and a half ago | (#42900713)

What I think many commentators are missing is that Google, as the actual seller of the app, is like a retail outlet. The app developer is selling through Google, not directly.

What Google is doing here is like Best Buy sending my information to Sony if I purchase a Sony camera at Best Buy.

I hope they stop this leaky, unpredictable practice. It's counter-intuitive to what the buyer rightfully expects, which is that their information is exposed to the primary seller only (Google) and not secondary providers like the app developers.

Seems legit (4, Insightful)

Animats (122034) | about a year and a half ago | (#42900765)

I'm not sure I see a problem here. The seller is told who the buyer is. That's reasonable enough. It also keeps Google honest with respect to sellers - you can have some people make test buys and make sure that Google pays you for them.

I'm generally critical of Google's non-approach to non-privacy, but here, there's a real transaction, with money.

Re:Seems legit (2)

NatasRevol (731260) | about a year and a half ago | (#42901131)

I don't know why I need to keep repeating this.

Can you please explain to me why you need my physical address to sell me an app?

Re:Seems legit (1)

markana (152984) | about a year and a half ago | (#42901619)

Because if the app developer has a presence (or lives in) in a state (such as Washington) that collects sales tax, and the customer lives in that state, the *developer* is *required* to collect sales tax based on the location of the customer.

Developers do not get the address of the customer - only the city/state/zip. Which is hopefully granular enough to handle the numerous little taxing districts.

It would be nice if Google handled allof the sales/vat tax stuff, but they don't.

This is new? (5, Informative)

Niris (1443675) | about a year and a half ago | (#42900797)

Wait, this is new? I released my first paid app in November, and the only information you get is email, zipcode/city and name. I've been using the zipcode information to put pins in a map to see everywhere in the world I've sold to, heh.

i use it to find and kill anyone who writes a bad (5, Funny)

alen (225700) | about a year and a half ago | (#42900813)

review

i don't tolerate any bad reviews on my apps. i either kill them myself or take a hit out

The biggest surprise... (0)

Anonymous Coward | about a year and a half ago | (#42900907)

...is how many people here on slashdot are posting that this isn't a big deal or it is to be expected.

I didn't realise this was a secret (4, Interesting)

Bogtha (906264) | about a year and a half ago | (#42900925)

I understand that it might not be immediately obvious, but I don't think this was a secret by any means. It uses Google Wallet for payments, which is essentially Google's answer to PayPal, and this gives your contact details to the person you are buying from. The first time I bought anything from Google Marketplace, I received a confirmation email from the developers themselves, it never occurred to me that people might not realise this.

I can see both sides of the argument. I've seen what happens when developers don't have this information, such as with Apple's App Store - it's very frustrating as you want to reach out to customers that have had problems and posted negative reviews to try to solve their problem and prevent it from happening to anybody else, but you've got no way of contacting them.

On the other hand, I've been spammed by people I've bought goods from through Amazon's Marketplace, so I'm not keen on that happening again. The ideal solution would be for Google to provide a forwarding, anonymised email address to the developers, like Facebook do with Facebook app developers.

ANCIENT NEWS (2)

Lawrence_Bird (67278) | about a year and a half ago | (#42900985)

Gotta love the Google hate....

http://www.larrysworld.com/2011/02/21/publishers-worry-about-apples-subscription-service/ [larrysworld.com]

This has been this way a long time. And even "larry's world" gets the 3rd party amazon stuff not quite right - your details do get passed along if Amazon does not handle the fulfilment.

Re:ANCIENT NEWS (1)

Luthair (847766) | about a year and a half ago | (#42901259)

I really wish Amazon had a global setting which would allow me to disable 3rd party store results, not only does it clutter search results with duplicates, I came to purchase from Amazon, not Lou's Discount Bin.

Tcu3girl (-1)

Anonymous Coward | about a year and a half ago | (#42900995)

herek, but what is are about 7000/5 ano7her troubled

Counterpoint: Supporting your customers. (0)

Anonymous Coward | about a year and a half ago | (#42901007)

http://marketingland.com/why-im-glad-google-play-gives-developers-customer-data-33431
As this developer states, he'd much rather have that kind of information than the fumbling around in the dark through Apple's filters.

"I want to be able to service my customers, and yes, they are my customers, not Google’s and not Apple’s customers. They download our products. They call the developer with questions. We provide them the tools and the content. They are our customers.
Apple doesn’t tell us who our customers are, and when we need that information to verify ownership or to give refunds, we are left with blindfolds on."

mis-information (1)

dajjhman (2537730) | about a year and a half ago | (#42901091)

slashdot excerpt states it sends the developer the user's address, when the article states it only sends the "suburb" (or ZIP code for us in the US and such). I see no problem with this, it's no more than basic demographics information and email/name for customers of all digital goods. Digital purchases have always had information like this sent to the party who manages Support/Problems. This is not like going into a grocery store and buying ketchup. If that ketchup bottle was already opened/expired, you complain to the store and get a new one without involving the manufacturer. If an Android app doesn't work, you don't complain to Google, you complain to the developer. If they gave the developer an actual address to your front door, that would be different. But ZIP codes and suburbs have been standard information in demographics for years (as a merchant using both in-person credit card transactions, and online transactions via other services, this is nothing new). Even my phone credit card processor gives basic information, and even can link it to their contact information in my phone if I ever shared correspondence.

this is simply not true (5, Informative)

spottedkangaroo (451692) | about a year and a half ago | (#42901097)

You do get name, city name, and zip... you do not get an address. That's simply false.

This is ABSOLUTELY needed. (2, Informative)

musixman (1713146) | about a year and a half ago | (#42901513)

Every app developer purchases traffic via banners / text links to promote their app. Without this campaign data being passed along there is no way to tell the conversion ratios! Very very serious

Inaccuracies in the article! (4, Informative)

Agent0013 (828350) | about a year and a half ago | (#42901521)

I am a Google Play developer. I have noticed that I get the names, email, and location of the purchases. This does not include the address though. Only the town, zip, and country. I have looked back at old records and see the email address listed in the purchase records, but I seem to recall this being obscured previously. Unless I am mistaken in some way, it used to give a long apparently randomly created email address for each purchase. I had assumed that this would forward or link to their real email address through Google's records of the purchase, but it looks like they did away with that and now just have your email address listed in the purchase record.

Personally, I find no reason to have the email address. There is nothing I would want to contact them about. But the sales are in a more general form. It's actually Google Checkout that does the sales for the Google Play store. You could sell knitted sweaters through your Google Checkout account and the shipping and delivering and returns are all a part of the processing procedures. When someone cancels a Play purchase, the entry has a notice to me that I should not ship the product to them. This is even though it is an Android App that Google itself handles all the delivery of. So I can see why some contact with the buyer might be necessary in some cases, but not with a typical Play store purchase.

<Rant Begin> The people I would really like to be able to contact would be the ones who leave stupid reviews. "One Star - It really needs so and so feature!" Hey dumbass - it has that feature! Of course I am much more polite with my real communications to bug reports and such, but it amazes me how many people don't even pay attention to the hints, instructions, and preferences that I have given to make sure they see what they can change. <Rant End>

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...