13 2 / 2013

About a month ago I put my money where my mouth was and built a version of the Paul Keating insult generator for Android (after the iOS version hit number 1 in the Australian App Store [tell your friends]). We sold a few hundred copies on Android in the last month, so that’s all good. Today I decided to log into my google play account to update my payment details. I jumped over to the ‘merchant account’ section to see the orders and realised one absolutely insane thing.

If you bought the app on Google Play (even if you cancelled the order) I have your email address, your suburb, and in many instances your full name. Each Google Play order is treated as a Google wallet transaction and as such software developers get all of the information (sans exact address) for an order of an app that they would get from the order of something physical. Even underneath the order information there is a flag that says ‘Email Marketing’ with a value next to it, because of course scrupulous developers would always obey that flag.

Let me make this crystal clear, every App purchase you make on Google Play gives the developer your name, suburb and email address with no indication that this information is actually being transferred. With the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase. The problems on android of app permissions (and subsequent potential for malware aside) is one of active negative behaviour on the part of an app developer. This isn’t. This is a massive oversight by Google. Under no circumstances should I be able to get the information of the people who are buying my apps unless they opt into it and it’s made crystal clear to them that I’m getting this information. This is a massive, massive privacy issue Google. Fix it. Immediately.

  1. mrdanielbang reblogged this from phetdreams
  2. macbookismydream reblogged this from phetdreams
  3. nancym reblogged this from phetdreams
  4. stuckindeconstruction reblogged this from phetdreams
  5. dailylicious2 reblogged this from phetdreams
  6. alanaktion reblogged this from phetdreams
  7. vikanews reblogged this from phetdreams
  8. lutronhill reblogged this from phetdreams
  9. daftmongrel reblogged this from weedandpoker and added:
    wow. this is a huge problem
  10. weedandpoker reblogged this from phetdreams
  11. moonshotmusic reblogged this from phetdreams
  12. michido reblogged this from phetdreams and added:
    Let me make this crystal clear, every App purchase you make on Google Play gives the developer your name, suburb and...
  13. talachem reblogged this from phetdreams and added:
    “Don’t be evil” gehört leider schon lange der Vergangenheit an.
  14. forsgren reblogged this from phetdreams and added:
    Awesome. Don’t
  15. ferngirl reblogged this from phetdreams and added:
    …”Don’t be evil.”
  16. tylernol-org reblogged this from phetdreams
  17. heavyweaponsgirl reblogged this from oliyoung
  18. evandrix reblogged this from phetdreams
  19. elysiane reblogged this from phetdreams and added:
    “Don’t be evil” amirite?!
  20. oliyoung reblogged this from phetdreams
  21. lucasbfr reblogged this from phetdreams
  22. jfinterest reblogged this from phetdreams
  23. kinghfb reblogged this from phetdreams and added:
    Terrifying, but not totally unexpected....device (I don’t own) removed
  24. privacyusa reblogged this from phetdreams
  25. 10rdben reblogged this from phetdreams
  26. quantumfireball reblogged this from phetdreams
  27. thetechstormtoo reblogged this from phetdreams
  28. timeimp reblogged this from phetdreams
  29. burntbrain reblogged this from thewetmale
  30. mnmaltech reblogged this from phetdreams and added:
    Makes me want to take a serious look at Amazon’s app store for future Android purchases.
  31. localisedinfamy reblogged this from phetdreams
  32. beaugiles reblogged this from phetdreams