Mobile App Security & Google's Data Safety Launch - Yay or Nay?

Internet and software giant Google recently recalibrated how it categorizes its Playstore apps. Google's Android applications are tagged with a version of 'nutrition labels' based on the security practices and the data they collect from users to share with third parties. 

The recently announced Google Play's Data Safety section goes into action from July 20th. Developers who want to legitimize their apps within the Android app store must comply with the privacy-oriented mandates to make the most out of the Playstore marketplace.

This move parallels Google's competitor, Apple, who introduced privacy labels within the iOS app store. However, this continues to be a data-driven effort by Google to bring about transparency and data security to their platform. 

Android developers are making unique, forthright cases to collect specific user data. Such data pertains to personalized services to improve the service itself and meet user-centric demands. 

The user better understands the applications they download and the risks associated with each label. 

Top Features of Data Safety by Google

Here's a summary of Google Play's Data Safety section:

It tells users and developers the type of data collected and the purpose of its usage.
Do third parties use the collected data? 
Outlines the security practices followed by the apps. These relate to in-transit data encryption policies and how users can request data deletion.  
Users can further understand how apps adhere to the Google Play family policies to protect children on the Playstore.
Validation of security practices against global standards such as the Mobile Application Security testing Assessment.

What Does This Mean for Developers?

It helps the developer:

  • To peruse and comprehend the clauses of the Data Safety form in the Play Console. After that, it's essential to comply with the User Data policy before releasing your app on the Google Play Store. 
  • The Data Safety form is essential to facilitate the privacy policy. This ensures that the policy details are transparent for users. 
  • Developers should re-evaluate the application's data and how it is shared while complying with security practices. It is imperative to check the declared permissions and APIs security testing before the app launch. 
  • Developers with integrated third-party libraries or SDKs must review how the app collects and shares user data.
  • The developers must guarantee code compliance with the Play Developer Program Policies.
  • The Data Safety form for the application must reflect all details belonging to any such data collection/sharing act committed by third-party code.

How To Prepare Your App for the New Data Safety Section in Google Play?

As a developer, if you are ready to launch your application on the Play Store, you need to do a few basic steps before submitting the data security form in the Play Console:

1) Start the Play Console. Head over to the App Content page under Policy.
2) It is highly recommended you read the Overview section before submitting the form. The page holds all necessary details regarding the questions asked and the information you need to submit in the different sections. 
3) Once you are finished with the Overview section, look under Data Safety and click on Start; choose Next to navigate to the next screen.
4) You can choose Yes or No in the Data Collection and Security section to check the required user data types. 
5) If you select Yes, you need to confirm the following questions by answering Yes or No:
  1. i) Is your data encrypted when in transit?
  2. ii) If users are requesting data deletion on your app, then: 
6) Choose Next and repeat for all user data types. Completing this section is mandatory for Google Play's Data Safety section compliance. Choose Next again to progress ahead.
7) Declare how the collected data is used for every user data type collected or shared. Answer the questions for each type by choosing Start
8) Choose Next again when you're finished. Of course, you can revert these changes if you have committed a mistake.
9) Review the information you have just shared in the Store listing preview section. It shows how the data appears to users. You can select Back to alter your answers or hit Submit to confirm.

What Does Google Play’s Data Safety Section Mean for App Users?

Users only have a vague idea about their data usage by specific applications. Google's safety initiative seeks to educate users and developers about their app's download permissions. 

The program also aims to prevent the launch of malicious Android applications onto the marketplace. 

Google Play's Store data security policies hope to prepare you, the user, for the type of personal information you're signing up for. You will have granular control over app permission features. 

The Android Privacy Dashboard lets you review these permissions extensively. 

This prevents unnecessary resource usage and unwanted distribution of information. You have pre-emptive visibility over what information you are required to share instead of finding out in hindsight. 

Google Play’s Data Safety section Vs. Apple’s Nutrition Labels for Privacy

Data Safety in Android by Google Play

Privacy Nutrition Labels by iOS

Dedicated to disclosing the reasons for which the developer is collecting the data.

More focused on what data is being collected and which apps are consuming personalized data.

Informs you about your device, data usage, and the type of data being collected by the developer. Further on, it reflects the purpose of data collection, including third-party access. 

Informs you about your device, what the developer collects, usage, and user data.

Contextually informs about the app's purpose.

Contextually informs about the features in use by the app.

Uses nutrition labels to introduce authentic contextual Data Safety disclaimers by developers.

Aims to use nutrition labels to improve app label auditing, but many have failed spot-checks.

Special provisions for family-friendly and kid-friendly apps.

Unified labelling system for all apps.

Conclusion

The privacy nutrition labels are an effort by Apple and Google to help increase trust between developers and users. They also seek to educate the users about their digital data privacy and how to protect it. 

Users and developers need to be thorough and adhere to these policies. It's imperative to understand how these application labels don't hold up in audits regarding user security.

Thus, developers need to be careful about what user data they collect and who they share it with. On the contrary, users must be vigilant and strictly practice cyber-safety habits when approving app permissions on either iOS or Android.

 

Published on May 12, 2022
Harshit Agarwal
Written by Harshit Agarwal
Harshit Agarwal is the co-founder and CEO of Appknox, a mobile security suite that helps enterprises automate mobile security. Over the last decade, Harshit has worked with 500+ businesses ranging from top financial institutions to Fortune 100 companies, helping them enhance their security measures.
Beyond the tech world, Harshit loves adventure. When he's not busy making sure the digital realm is safe, he's out trekking and exploring new destinations.

Questions?

Chat With Us

Using Other Product?

Switch to Appknox

2 Weeks Free Trial!

Get Started Now