Google has announced that it has beefed up its efforts to keep Android users safe by expanding the enforcement of its Unwanted Software Policy. If an app continues to stray from the policy, users are likely to see its Safe Browsing full-page warnings, which will probably drive users away from the offending software. And if the data collected by this app doesn't relate to its functionality, the app will have to explain how this data will be used, after which the user can provide his/her consent. In the case of apps that are made available through other software repositories, Google says that the warning will be added to an app's website instead. Nonetheless, many users regularly use external app stores and direct download sites to acquire new apps, potentially putting their device at risk.
"These data collection requirements apply to all functions of the app". This covers anything from location data to crash reports, which often include a list of apps the user has installed.
The changes reflect an update in August to the Personal and Sensitive Information section of Google's Developer Policy Center.
The affirmative consent request dialog needs to be presented in a clear and unambiguous way. Notably, these new guidelines will prevent apps from collecting user data which is not necessary. The apps will be considered to violate Google's policy if they don't follow the rules for prominent disclosure. This will help to crack down on malicious apps, including those from third-party sources that would previously go unnoticed by the Safe Browsing service.
The OS maker is giving app developers 60 days to fix their issues and update apps with notifications of their full practices.