Google sinks into Safarigate

Web giant Google has gotten themselves into more than a little hot water of late.

Google Play has been automatically transmitting personal information of American customers to the developers of Android apps they buy, according to a trade group.

Such disclosures may violate a legally binding agreement the company made with the FTC that requires Google to obtain “express affirmative consent” from a customer before divulging such data.

“I have confirmed with developers here that you can see first and last names, ZIP code, city, state and country as well as email address” of customers, said Morgan Reed, executive director of the Association for Competitive Technology, the app developers’ trade group. “This information is provided through Google Checkout, and it is not information the developer ever requested from the purchaser directly.”

A Google spokeswoman declined to comment Wednesday.

Last year, Google drew attention for violating many of its users’ privacy, and not just in the standard manner that various critics claim social media does routinely. (i.e. which enables Facebook, Twitter, etc., to make money.) Google effectively engaged in spying on its users in contravention of the terms that applied to its contracts with them, attracting a record-breaking (but still relatively small) $22.5 million fine from the Obama administration’s Federal Trade Commission (FTC).

Conveniently for Google– whose employees donated over $800k to Obama’s re-election campaign— the FTC also handled that matter in a way that prevents those users whose contracts were breached and whose privacy was violated by Google from suing the Internet behemoth, thus immunizing Google from being held to account for bad behavior in a more limited government, but potentially more effective fashion. (Rand Paul noted last summer that contract violations such as Google’s should not go unpunished, but that a class action lawsuit would have been the appropriate method of addressing the privacy violation in this instance).

Was that the end of it? Apparently not… and If you own an Android phone, you might want to look at this:

EVERY time you purchase an app on Google Play, your name, address and email is passed on to the developer, it has been revealed.

The “flaw” – which appears to be by design – was discovered by Sydney app developer, Dan Nolan who told that he was uncomfortable being the custodian of this information and that there was no reason for any developer to have this information at their finger tips…

Mr Nolan told that tens of millions of Google customers could be affected.

“As far as I can tell this impacts every person who purchased an app on the Play Store,” he said.

“I can’t see any way to opt out of providing that information and it seems to be a feature of the Google checkout process. I don’t know whether it applies to free apps, but there are hundreds of thousands of apps that are available for pay on the play store and there are millions of people who buy Android apps out there, I’d say easily millions or tens of millions of people.

“It’s active in every market that Google accepts payment for apps. That’s a lot of people having their personal information handed over without them knowing.” …

Google’s terms of service state that it may store your personal information including your name, address and billing details, but nowhere in its privacy statement does the company explicitly state that it passes on your personal information to developers, every time you purchase their app.

It appears from an update to the article linked that this situation has persisted since late October last year, and may be connected to the integration of Google+ into other Google properties.

What is Google doing about it? Google wouldn’t comment to the site that broke the news, so that remains unclear. However, it seems probable that the news will land the company in hot water again, with its customers, and potentially with the FTC.

Privacy and adherence to the terms of service– terms of Google’s contracts with customers– seem to be perennial problem areas for Google. As with any other breach of contract where damage has been suffered, suing them is probably fair game.