Months after Apple’s App Store introduced privacy labels for apps, Google announced its own mobile app marketplace, Google Play, will follow suit. Today, the company pre-announced its plans to introduce a new “safety” section in Google Play, rolling out next year, which will require app developers to share what sort of data their apps collect, how it’s stored, and how it’s used.
For example, developers will need to share what sort of personal information their apps collect, like users’ names or emails, and whether it contains data from the phone, like the user’s precise location, media files, or contacts. Apps will also need to explain how the app uses that information to enhance the app’s functionality or for personalization purposes.
Developers who already adhere to specific security and privacy practices will also highlight that in their app listing. On this front, Google says it will add new elements that detail whether the app uses security practices like data encryption; if the app follows Google’s Families policy, related to child safety; if the app’s safety section has been verified by an independent third party; whether the app needs data to function or allows users to choose whether or not share data; and whether the developer agrees to delete user data when a user uninstalls the app in question.
Apps will also be required to provide their privacy policies. While clearly inspired by Apple’s privacy labels, there are several key differences. Apple’s brands focus on collecting data for tracking purposes and what’s linked to the end-user. Google’s additions seem to be more about whether or not you can trust the data being collected is being handled responsibly by allowing the developer to showcase if they follow best practices around data security. It also gives the developer a way to make a case for why it’s collecting data right on the listing page itself. (Apple’s “ask to track” pop-ups on iOS now force developers to beg inside their apps to access user data).
Another exciting addition is that Google will allow the app data labels to be independently verified. Assuming these verifications are handled by trusted names, they could help to convey to users that the disclosures aren’t lies. One early criticism of Apple’s privacy labels was that many were providing inaccurate information — and were getting away with it, too.
Google says the new features will not roll out until Q2 2022, but it wanted to announce them now to give developers plenty of time to prepare. There is, of course, a lot of ironies to be found in an app privacy announcement from Google. The company was one of the longest holdouts on issuing privacy labels for its own iOS apps, as it scrambled to review (and re-review, we understand) the labels’ content and disclosures. After initially claiming its titles would roll out “soon,” many of Google’s top apps then entered a lengthy period where they received no updates at all, as they were no longer compliant with App Store policies.
It took Google months after the deadline had passed to provide labels for its top apps. And when it did, it was mocked by critics — like privacy-focused search engine DuckDuckGo — for how much data apps like Chrome and the Google, app collect. Google’s plan to add a safety section of its own to Google Play gives it a chance to shift the narrative a bit.
It’s not a privacy push, necessarily. They’re not even called privacy labels! Instead, the changes seem designed to allow app developers to better explain if you can trust their app with your data, rather than setting the expectation that the app should not be collecting data in the first place.
How well this will resonate with consumers remains to be seen. Apple has made a solid case that it’s a company that compares user privacy and adds features that put users in control of their data. It’s a complex argument to fight back against — especially in an era that’s seen too many data breaches to count, careless handling of private data by tech giants, widespread government spying, and a creepy adtech industry that grew to feel entitled to user data collection without disclosure.