SUMMARY
Google has announced the timeline for implementation of new privacy and data security measures for all Android apps
Starting Q2 2022, new app submissions and app updates must include information around data collection, encryption and other safety features
The policy is expected to impact several Indian apps, particularly those in the lending tech category, where data collection is rampant and often unchecked
Tech giant Google has announced a slew of privacy measures for developers on the Google Play Store that will require them to explain how user data is being used in Android apps. Google released a blog post detailing the future of privacy on Android and how developers need to ensure transparency in how user data is used.
These measures will include details of encryption in apps, data usage, the extent of data collection and safety credibility of the app. The new rules are expected to be implemented later this year.
“Today, we’re pre-announcing an upcoming safety section in Google Play that will help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security,” wrote Suzanne Frey, VP product for Android security and privacy at Google.
Among other things, the disclosures from app developers have to clarify whether:
- The app has security practices, like data encryption
- The app follows Google’s Families policy for shared usage
- The app needs data to provide basic services or whether users can opt-out
- The app’s safety section is verified by an independent third-party
- The app enables users to request data deletion, if they decide to uninstall
All apps on Google Play — including Google’s own apps — will be required to share this information and provide a privacy policy.
Frey added simple ways to communicate app safety help users to make informed choices about how their data is handled. Developers would also need to give additional context to explain data use and how safety practices could affect the app experience.
“Among other things, we’ll ask developers to share what type of data is collected and stored: Examples of potential options are approximate or precise location, contacts, personal information (e.g. name, email address), photos & videos, audio files, and storage files. How the data is used: Examples of potential options are app functionality and personalization,” wrote Frey.
Google Play will introduce a policy that requires developers to provide accurate information. Developers would be responsible for the information disclosed in their section, similar to details such as app screenshots and store descriptions. Developers misrepresenting the data provided or in violation of the policy, will be asked to fix the app. Apps that don’t become compliant will be subject to policy enforcement or suspensions
Google said that starting Q2 2022, new app submissions and app updates must include this information. In Q3 of 2021, the policy will be “available” for the public and developers to read. In the fourth quarter of 2021, developers will be able to start declaring information in the Google Play Console as outlined in the policy. In the first quarter of 2022, users in the public will begin to see the new safety section in Google Play. At some point in the second quarter of the year 2022, Google will set a deadline for all new and existing apps to declare the information outlined above.
What It Means For Fintech Cos
Google’s announcement comes on the heels of Apple’s update with iOS 14.5 called App Tracking Transparency (ATT) that lets you block apps from tracking your online activities.
The new update is expected to impact several Indian apps, particularly those in the lending tech category, where data collection is rampant and often unchecked. These lending apps have so far been heavily reliant on data collection to furnish loans and other financial services.
Over the past year, the Google Play Store has come to receive flak for allowing rogue lending apps to run wild without any strong checks on how they are leveraging or using user data.
For instance, during the 2020 Covid-19 lockdowns, payday loans witnessed increased demand in India. However, most of the ‘predatory’ digital lenders did not comply with the moratorium period observed by other legitimate lenders and credit card issuers. Consequently, the Reserve Bank of India (RBI) alerted borrowers after receiving several complaints about ‘predatory’ lending apps and directed online lenders to display their NBFC/bank partnerships upfront on websites and apps.
Such lending platforms and loan apps in India have come under greater scrutiny over the past few months for their methods, including tracking of user activity on mobile, harassing contacts sourced from their devices, their location, aggressive collection tactics, and alleged misuse of borrowers’ data, highlighting the risks of driving financial inclusion with newer technologies. Google said it had reviewed hundreds of lending apps in India and removed over 500 apps that violated its terms on loan tenure. Google reportedly wrote to online lenders on the Play Store to share their NBFC/bank credentials and also delisted any app with a loan tenure below 60 days.
Google’s latest move to check the extent of data collection, follows a similar update in April which aimed to stop an app’s access to the user’s installed app inventory on an Android device until it impacts its ability to undertake core user-facing functions. Google explained that the step is taken in line with its existing policy as Google Play regards a device’s inventory of installed apps from a user’s device as personal and sensitive information.
In case the app meets the policy requirements for acceptable use of the app inventory, they are required to declare the high-risk permissions using the Declaration Form in the Play Console. If apps fail to meet policy requirements or developers do not submit a Declaration Form, the app may be removed from Google Play. The declaration must be revised and updated with accurate information in case there are changes to comply with the policy changes.
However, it is important to note that fintech apps, especially those in the digital lending space utilise the installed app inventory to a great extent in order to offer unsecured loans. With over 95% of Indian smartphone users using Android, fintech apps have a massive dependency on the Play Store. At the same time, these policy updates are likely to prompt greater transparency and user friendly product design.
