Back in May last year, Google introduced a new Data Safety section for apps published on the Play Store. A feature that started appearing on actual app listings in April this year and one that will be mandatory for all apps to have soon (July 20). Now Data Safety info sections have started popping up on actual live app listings on the store, and there is something a bit concerning. Namely that the new info window seems to be taking the place of the app permission overview that all apps on the Play Store used to have.
If this sounds a bit confusing, here’s why you should care. Every app listed on the play store traditionally has an overview of the Android OS permissions it requests from the system. Things ranging from benign and obvious stuff like access to network all the way to potentially a lot more problematic and sensitive things like access to contacts, the phone’s file system or location data. This list is auto-generated by Google by scanning a developer’s app files upon submission to the store. Hence, nothing can be omitted and not disclosed to the user intentionally or otherwise.
On the other hand, the new Data Safety section is entirely populated by the developer. Google has an interface in the developer console of its Play Store that lists a whole array of personal and device data types that the developer has to go through and disclose if and how they are being handled by their app. For instance, the questionnaire might ask if our GSMArena app, for example, accesses your location and personal data (which, by the way, it doesn’t) and then, if yes, how said data is handled and whether or not it is shared with third parties. This is entirely left to the “honor system,” so to say, with Google simply outlining in its guidelines that providing false data could result in some form of punishment.
Hence while we are all for the new Data Safety information, it’s not hard to see why placing it in Play Store listings instead of app permissions overview is not an ideal practice. At the moment, this is exactly what seems to be happening. Granted, there is still time to tune this behavior and leave both pieces of data in place. Or perhaps we’re in the wrong here, and users don’t care that much about permissions? Tell us what your thoughts on the matter are in the comments.