{"id":19919,"date":"2022-08-12T13:14:49","date_gmt":"2022-08-12T09:14:49","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/data-safety-in-google-play\/19919\/"},"modified":"2022-08-12T13:15:05","modified_gmt":"2022-08-12T09:15:05","slug":"data-safety-in-google-play","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/data-safety-in-google-play\/19919\/","title":{"rendered":"Data Safety instead of App Permissions"},"content":{"rendered":"

Starting July 20, all developers who publish Android apps in the Google Play store must detail what data they collect and how they use it. However, this undeniably positive innovation has been rather overshadowed by the forces of \u201coptimization\u201d: now, before installing an app, you have no way of knowing what data sources it\u2019s tapping. We give a brief overview of what\u2019s changed and explain how to assess the risks to your privacy going forward.<\/p>\n

What\u2019s changed<\/h2>\n

\nIn April of this year, Google implemented<\/a> a new feature on Google Play to allow developers to specify what data apps collect and for what purposes. As of July 20, this option<\/em> became mandatory<\/em>: developers that don\u2019t add such descriptions risk having their apps removed from the store.<\/p>\n

This description in the special Data Safety section on Google Play looks something like this:<\/p>\n

\"The<\/a>

Information about collected data can be viewed directly on Google Play before installation<\/p><\/div>\n

You can also see a detailed list of collected data:<\/p>\n

\"The<\/a>

Developers are now required to disclose what data they collect<\/p><\/div>\n

This positive change follows a similar move by Apple. Before, Google allowed you to assess an app\u2019s interest in your personal data only indirectly \u2014 by examining the list of permissions it requested. In the app settings in Android, these permissions look as follows:<\/p>\n

\"App<\/a>

Permissions describe the specific sources on your phone that the app will collect data from<\/p><\/div>\n

Sometimes it needs permissions to function properly. For example, you can grant a mail app access to your contacts list. But you don\u2019t have to! And remember, most permissions given to apps can be revoked at any time. But don\u2019t be surprised if some features no longer work afterward.<\/p>\n

On July 13, shortly before the introduction of the new rule for developers, someone tweeted<\/a> about a small but significant change: the new Data Safety section was added in the app descriptions, but the app permissions list was removed at the same time. A somewhat controversial move, it can surely be said.<\/p>\n

Why Data Safety is no substitute for App Permissions<\/h2>\n

\nSure, the new section in the description can help you decide whether or not to install the app. For example, if a simple tool wants your name, e-mail address and access to photos, it makes sense to look for another one that will do the same job without asking for anything.<\/p>\n

However, Data Safety and App Permissions are not quite the same thing. The former addresses the question: What data will be collected? The latter specifies the sources of this data. This can be important for assessing how critical this data collection is for you. Let\u2019s say that information about your contacts can be collected from your friends list in the app itself, or from the contacts list on your phone. Clearly, these can be very different lists \u2014 just imagine, for example, it\u2019s an online dating app.<\/p>\n

And most importantly: Permissions in the description on Google Play were prescribed automatically, based on the actual features of the app in question. The Data Safety section, on the other hand, is filled out by the developers themselves, manually. Google can only hope they will do so in good faith.<\/p>\n

How to live with the changes<\/h2>\n

\nThe purpose of the Data Safety section is to provide users with more information about how apps affect privacy. At the same time, however, Google has reduced the amount of information for assessing this. When browsing apps on Google Play, you will no longer be guided by questions like \u201cWhy does an alarm clock need access to my photos and location?\u201d Such data is no longer provided.<\/p>\n

That said, for clarity\u2019s sake, we should point out that only the list of permissions in the app descriptions on Google Play has disappeared. The Android permissions mechanism has not gone anywhere. As before, you can still permit or forbid an app to access certain sources of information within the operating system: camera, geolocation, contacts list, etc.<\/p>\n

Therefore, we recommend a two-step procedure for assessing the potential privacy risk on Android. First, take a close look in the Data Safety section on Google Play at what data the app will collect about you. If you\u2019re happy, install the app, then check what permissions it wants after installation. If something doesn\u2019t feel right, don\u2019t give unnecessary access to your data (or revoke it if already granted).<\/p>\n

Bear in mind that neither Android\u2019s existing privacy controls, nor the above-described innovation will solve the (albeit rare) problem of malware on Google Play. Therefore, as ever, we advise installing a reliable security solution<\/a> on your Android smartphone.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

Google Play\u2019s app descriptions have a new Data Safety section now. We explain why this isn\u2019t such great news.<\/p>\n","protected":false},"author":665,"featured_media":19922,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1225],"tags":[105,183,1825,43],"class_list":{"0":"post-19919","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"tag-android","9":"tag-google-play","10":"tag-permissions","11":"tag-privacy"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/data-safety-in-google-play\/19919\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/data-safety-in-google-play\/24453\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/data-safety-in-google-play\/10058\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/data-safety-in-google-play\/26894\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/data-safety-in-google-play\/24802\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/data-safety-in-google-play\/25173\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/data-safety-in-google-play\/27507\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/data-safety-in-google-play\/27165\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/data-safety-in-google-play\/33806\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/data-safety-in-google-play\/10929\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/data-safety-in-google-play\/45116\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/data-safety-in-google-play\/19286\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/data-safety-in-google-play\/19858\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/data-safety-in-google-play\/29154\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/data-safety-in-google-play\/25342\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/data-safety-in-google-play\/30858\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/data-safety-in-google-play\/30565\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/android\/","name":"Android"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19919","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/665"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=19919"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19919\/revisions"}],"predecessor-version":[{"id":19921,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19919\/revisions\/19921"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/19922"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=19919"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=19919"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=19919"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}