
Google asks journalists to tone down story of "massive" Google Play security flaw

post #1 of 256
Thread Starter 
After reporting that Google Play now distributes Android app buyers' location and contact information to developers, a journalist was contacted by the search giant with a request to tone down the story, its headline and its SEO information.

News toned down by Google


Google Play's "massive oversight" in undisclosed sharing of customer data



The original story, run by Australia's News.com.au, was headlined "Massive Google security flaw puts users' details on display for all to find."

It outlined a recent policy shift at the Google Play online software and media store run for Android users, which now forwards developers the personal information of buyers, including their neighborhood and email address. The sharing of customers' data is not outlined in either Google Play's Terms of Service or in the company's privacy statement.

The undisclosed sharing was discovered by Australian developer Dan Nolan, who noted in a blog entry, "every App purchase you make on Google Play gives the developer your name, suburb and email address with no indication that this information is actually being transferred."

One risk to the undisclosed sharing noted by Nolan was that, "with the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase."

A greater risk is that, with millions of names being distributed to every vendor of paid apps on Google Play, the likelihood of a security breach through malware becomes very high. Customers who entrusted their details to Google are now having their information spread across a variety of developers who may not even have a security policy.

Nolan told the site that nobody has been talking about Google Play's undisclosed sharing because "the people who would have paid attention to it were likely exploiting it and selling users' personal information, using it as an extra source of revenue on top of what they were making off their Google Play / Android app."

He added, "This is a massive oversight by Google."

Google seeks to bury story, tone down articles and SEO on the subject



After publishing the story, News.com.au reported that "this story was amended at the request of Google. News.com.au took out the words 'massive' and 'huge' - referencing the size of the security 'flaw'. The word 'flaw' was also put into inverted commas."

Google wouldn't comment on the record, but apparently views the issue of sharing customers' data as non-newsworthy policy that shouldn't be reported as a security flaw, especially not as a serious one that users should take notice of.

The author, Claire Porter, added a comment on the story after its headline had been neutered to the nicer "Google 'flaw' puts users' details on display" that stated, "For the people asking how the story was amended: Despite the fact that Google refused to comment on the record, I was asked to change the headline (both the homepage headline and SEO headline inside the story), as well as the standfirst and lead (first paragraph). Google's issue was with the use of the word 'flaw.'

"Apparently a system that is designed to share users information with developers without their knowledge or permission and without explicitly saying so in any terms of service is not considered to be a flaw," Porter wrote.

"I have no problem amending stories if they are factually incorrect but the fact is neither developers nor customers were aware of this information sharing and Mr Nolan is not the only developer to express concern over having this information at his disposal. There's little reason app developers should have this information. If Google was going to share this information they should have been clear about this from the start. Hope this clears things up."

Developer bonus or customer privacy flaw?



Many of the user comments on the issue found no problem with Google sending users' personal data to developers, with one complaining that the issue was just a matter of unfairly comparing Google with Apple's higher standard for security in the App Store.

Developer David Brown wrote, "Apple hide all of these details because they're control freaks! I have details of every customers I have, whether they paid through PayPal or credit card...does that mean I'll go and harrass [sic] them if they dislike my service?"

Customers have overwhelmingly chosen to buy more apps from Apple's iOS App Store than from Google Play, but this may have more to do with the selection and quality of apps available for iOS rather than an informed customer base that's done the research to know whether an online vendor is likely to share their personal data without notice or permission.

By leaning on reporters to remove unflattering portrayals of its security policy from their headlines and SEO (used to enable the discovery of articles via search engines), Google can help ensure that the issue isn't a factor in reducing sales in Google Play without needing to tighten up its security policy or enforce any constraints on its developers to protect Android users' privacy rights.
post #2 of 256
Maybe it's not a flaw since they programmed it that way, but giving out personal deets to someone with warning users is huge.

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

post #3 of 256
If it was deliberate on Google's part, yeah, I think that qualifies as "massive." Insisting that it not be called a "flaw," while technically correct, really skirts the issue that it's a pretty bad decision on their part to be handing out customer data to app programmers.
post #4 of 256

Apple has hardware to profit on, Google has... you!

Where are we on the curve? We'll know once it goes asymptotic!
post #5 of 256
Quote:
Originally Posted by IQatEdo View Post

Apple has hardware to profit on...

Oh - and iTunes as it turns out, how ironic lol.

Where are we on the curve? We'll know once it goes asymptotic!
post #6 of 256
Quote:
Originally Posted by Dave MacLachlan View Post

If it was deliberate on Google's part, yeah, I think that qualifies as "massive." Insisting that it not be called a "flaw," while technically correct, really skirts the issue that it's a pretty bad decision on their part to be handing out customer data to app programmers.

 

It's not a question of If. It is a question of "When will the DoJ step in" and ride them hard? You wanna lose DoD and other contracts, this is how to do it Google.

post #7 of 256
Imagine the months of reverberations if Apple contacted a journalist to have any one of the many exaggerated Apple ad-bait stories toned down or made factual!

This will be forgotten instantly. That would not be!
post #8 of 256

Just use the name, city and e-mail, you can google them and find the exact address of almost everyone that downloaded your app. Yes this is a massive oversight, it is as if Walmart gave the name of its customers to all of its suppliers. I don't think average people are ready for that kind of information sharing.

post #9 of 256
Quote:
Originally Posted by charlituna View Post

Maybe it's not a flaw since they programmed it that way, but giving out personal deets to someone with warning users is huge.

Either way I'd call it a flaw. The only difference I see is if it's an unintentional flaw in coding/design or an intentional flaw in the basic security of the livestock customer.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #10 of 256
Quote:
Originally Posted by winstein2010 View Post

Just use the name, city and e-mail, you can google them and find the exact address of almost everyone that downloaded your app. Yes this is a massive oversight, it is as if Walmart gave the name of its customers to all of its suppliers. I don't think average people are ready for that kind of information sharing.

RFID has the potential to make Google's actions seem like kids playing in a sandbox. It might eventuate that Walmart one day leverages far more power over your personal information than even Google.

Where are we on the curve? We'll know once it goes asymptotic!
post #11 of 256
Quote:
Originally Posted by nagromme View Post

Imagine the months of reverberations if Apple contacted a journalist to have any one of the many exaggerated Apple ad-bait stories toned down or made factual!

This will be forgotten instantly. That would not be!

Exactly. Heck, even when information was NOT transmitted, but simply the location of cell towers stored on the phone, everyone was all over Apple.

There is clearly a double standard.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #12 of 256
Of course, Google doesn't want everyone to know. This really pisses me off.
post #13 of 256
Why did the "journalists" capitulate? Does Google have editorial oversight on all their articles? I mean wtf?
post #14 of 256
Quote:
Originally Posted by nagromme View Post

Imagine the months of reverberations if Apple contacted a journalist to have any one of the many exaggerated Apple ad-bait stories toned down or made factual!

Our resident shills are probably searching feverishly for just such instances, right now.
post #15 of 256
So Google have an aggressive PR department at work altering negative press wherever it can?
post #16 of 256
Quote:
Originally Posted by IQatEdo View Post

Oh - and iTunes as it turns out, how ironic lol.

How is that ironic? Was iTunes not supposed to be profitable?
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
post #17 of 256
Google forgot to add: "...or else"

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #18 of 256
Quote:
Originally Posted by zbarsky View Post

So Google have an aggressive PR department at work altering negative press wherever it can?

I'm just going to go ahead and assume that it will mysteriously never bubble up in Google News' front page.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #19 of 256
When will people learn that, in the final analysis, you get what you pay for.....
post #20 of 256
Quote:
Originally Posted by Suddenly Newton View Post

Google forgot to add: "...or else"

Ah so. News.com.au is hoping to show up in a search result again sometime. That explains why they caved.
post #21 of 256
Quote:
Originally Posted by jragosta View Post

Exactly. Heck, even when information was NOT transmitted, but simply the location of cell towers stored on the phone, everyone was all over Apple.

There is clearly a double standard.

"Apple is evil, therefore, anything evil done by Google while competing with Apple is automatically good." That's the logic behind Google apologetics.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #22 of 256
Quote:
Originally Posted by dasanman69 View Post


How is that ironic? Was iTunes not supposed to be profitable?

Was waiting for the question lol. It was possible to put songs onto existing mp3 players before the iPod was released but with its new hardware, Apple required a more assured (and guaranteed legal) avenue, hence iTunes. iTunes was a vehicle but is now quite a revenue generator in its own right and increasingly independent of the iPod, which is the irony because at the time, the iPod was everything to Apple with the iPhone and AppleTV just a twinkle in Jobs' eye.

Where are we on the curve? We'll know once it goes asymptotic!
post #23 of 256
The convoluted 20 step process required to bypass an iPhone unlock code, which requires physical access to the phone, got more play than this story. And why the **** should journalists agree to abide by Google's demands?
post #24 of 256

This is what you get when you choose Android. You get screwed, and deservedly so. What the hell did you expect? It's a shoddy free OS made by a company that collects information on people, including you.

 

On this very page, I see that Google Adsense, Google Analytics, Facebook Connect and more are being blocked by a plug in on my Safari.

 

How come I never see Apple getting blocked on any sites that I visit? Oh, that's right, Apple doesn't spy on people everywhere that they go and then steal their information left & right, and then turn around and hand it over to whoever, including "developers", who may belong to a huge criminal syndicate for all anybody knows.

 

The average ignoramus walking into a mobile phone store and walking out with a cheap or free Android phone may end up regretting their purchase a whole lot when they eventually find out that what they have to lose is worth a lot more than the few bucks that they think that they may have saved. Is the average Fandroid so ignorant and non caring about their privacy, that they just don't give a damn?

 

I would never recommend any Android device for anybody that I know. I'd go so far as to say that it's downright dangerous. I also would never hire anybody who owned an Android device, as they are potentially a walking security disaster, not to mention that they are most likely not the right person for the job, due to their poor taste and overall technical ignorance.


Edited by Apple ][ - 2/16/13 at 9:52pm
post #25 of 256

What's really scary is that Google has ZERO approval process when it comes to developers and their apps.  That means that ANYONE can create an app that does something useful or is popular and then get this information about you. I hope all you Android fans are happy that Google is your pimp, whoring your personal information out to anyone who has an email address.

post #26 of 256
Quote:
Originally Posted by jkichline View Post

What's really scary is that Google has ZERO approval process when it comes to developers and their apps.  That means that ANYONE can create an app that does something useful or is popular and then get this information about you. I hope all you Android fans are happy that Google is your pimp, whoring your personal information out to anyone who has an email address.


That is not true. Please don't make stuff up.

post #27 of 256
Quote:
Originally Posted by stelligent View Post


That is not true. Please don't make stuff up.


What approval process allows for Hello World apps into the Google Play store?

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #28 of 256
Quote:
Originally Posted by IQatEdo View Post

Quote:
Originally Posted by dasanman69 View Post


How is that ironic? Was iTunes not supposed to be profitable?

Was waiting for the question lol. It was possible to put songs onto existing mp3 players before the iPod was released but with its new hardware, Apple required a more assured (and guaranteed legal) avenue, hence iTunes. iTunes was a vehicle but is now quite a revenue generator in its own right and increasingly independent of the iPod, which is the irony because at the time, the iPod was everything to Apple with the iPhone and AppleTV just a twinkle in Jobs' eye.

Either I don't understand what you guys are trying to say, or you guys don't understand the meaning of the word "ironic".

post #29 of 256
Quote:
Originally Posted by isaidso View Post

Either I don't understand what you guys are trying to say, or you guys don't understand the meaning of the word "ironic".

I'm not understanding where the irony is. I see nothing about iTunes that has happened the opposite way to what is expected.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #30 of 256
Quote:
Originally Posted by SolipsismX View Post


What approval process allows for Hello World apps into the Google Play store?

I think he was talking about getting the information part. Only if a user pays for an app will developers see their personal info on the Merchant portal. Free apps don't show customers' personal details.

post #31 of 256

Surprised this isn't bigger news on the tech sites. No wait, I'm not surprised. If it was about Apple there'd be a multi-billion dollar class action suit. Since it's not, this will be forgotten in a few days.

 

Funny to read the spin on Android sites like it's not a big deal. Having your real name, primary e-mail address and city (plus possible zip code) isn't a big deal? How come other online retailers (Amazon, Apple for example) don't provide this information to developers?

post #32 of 256

Does Amazon.com Share the Information It Receives?
Information about our customers is an important part of our business, and we are not in the business of selling it to others. We share customer information only as described below and with subsidiaries Amazon.com, Inc. controls that either are subject to this Privacy Notice or follow practices at least as protective as those described in this Privacy Notice.

  • Affiliated Businesses We Do Not Control: We work closely with affiliated businesses. In some cases, such as Marketplace sellers, these businesses operate stores at Amazon.com or sell offerings to you at Amazon.com. In other cases, we operate stores, provide services, or sell product lines jointly with these businesses. Click here for some examples of co-branded and joint offerings. You can tell when a third party is involved in your transactions, and we share customer information related to those transactions with that third party.
  • Third-Party Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include fulfilling orders, delivering packages, sending postal mail and e-mail, removing repetitive information from customer lists, analyzing data, providing marketing assistance, providing search results and links (including paid listings and links), processing credit card payments, and providing customer service. They have access to personal information needed to perform their functions, but may not use it for other purposes.
post #33 of 256
Quote:
Originally Posted by SolipsismX View Post


I'm not understanding where the irony is. I see nothing about iTunes that has happened the opposite way to what is expected.

Upon the release of the iPod, the hardware was revolutionary, sporting for example a HD. iTunes was often portrayed as having been constructed in support of this revolutionary hardware and was touted as not being, or needing to be, all that profitable in its own right. Now, the ecosystem that is iTunes and the associated store is increasingly viewed as setting Apple products apart in the face of stiff hardware competition and that perhaps, hardware is increasingly supporting iTunes (and that which it spawned, iTunes and App stores), which would be a complete role reversal. This assertion might be quite incorrect but if true would be ironic.

Where are we on the curve? We'll know once it goes asymptotic!
post #34 of 256

Privacy Policy

Your privacy is important to Apple. So we’ve developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your information. Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.

 

Collection and Use of Personal Information

Personal information is data that can be used to uniquely identify or contact a single person.

You may be asked to provide your personal information anytime you are in contact with Apple or an Apple affiliated company. Apple and its affiliates may share this personal information with each other and use it consistent with this Privacy Policy. They may also combine it with other information to provide and improve our products, services, content, and advertising.

 

Collection and Use of Non-Personal Information

We also collect non-personal information − data in a form that does not permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:

 

Disclosure to Third Parties

At times Apple may make certain personal information available to strategic partners that work with Apple to provide products and services, or that help Apple market to customers. For example, when you purchase and activate your iPhone, you authorize Apple and its carrier to exchange the information you provide during the activation process to carry out service. If you are approved for service, your account will be governed by Apple and its carrier’s respective privacy policies. Personal information will only be shared by Apple to provide or improve our products, services and advertising; it will not be shared with third parties for their marketing purposes

post #35 of 256
I wouldn't call it a flaw, I think it's worse. A flaw would be when it does it accidentally through a bug or design error. This is working as intended. That makes it criminal. Not legally but small 'c' kind of criminal. It's a cynical, disrespectful, screw the customer (product) for everything we can get out of them policy.
post #36 of 256

I just want to know if this flaw is real, I saw it on CNET and a few websites before I saw it here, but not on many prominent tech blogs. Are they avoiding the story bc of their sponsors/Advertisers?

 

Is this real? Why haven't I seen it on ARS or the Verge?

post #37 of 256
Google implicitly controls the press, and especially the blogosphere, since those outlets rely on google news to draw attention to them. So of course they aren't going to be critical.

More to the point, this isn't news. As noted above, people must know they're giving up privacy when they go the google route. They're effectively selling their privacy to pay for the products and services google provides. Live with it.

Apple transgressions are news, in contrast, because the company trades on, and mostly lives up to, its reputed integrity. Oh, and don't forget, google news can make sure negative Apple press gets seen, thus driving hits to news outlets willing to produce such stories.
post #38 of 256
Quote:
Originally Posted by bleh1234 View Post

Privacy Policy

Your privacy is important to Apple. So we’ve developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your information. Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.

 

Collection and Use of Personal Information

Personal information is data that can be used to uniquely identify or contact a single person.

You may be asked to provide your personal information anytime you are in contact with Apple or an Apple affiliated company. Apple and its affiliates may share this personal information with each other and use it consistent with this Privacy Policy. They may also combine it with other information to provide and improve our products, services, content, and advertising.

 

Collection and Use of Non-Personal Information

We also collect non-personal information − data in a form that does not permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:

 

Disclosure to Third Parties

At times Apple may make certain personal information available to strategic partners that work with Apple to provide products and services, or that help Apple market to customers. For example, when you purchase and activate your iPhone, you authorize Apple and its carrier to exchange the information you provide during the activation process to carry out service. If you are approved for service, your account will be governed by Apple and its carrier’s respective privacy policies. Personal information will only be shared by Apple to provide or improve our products, services and advertising; it will not be shared with third parties for their marketing purposes

This is interesting. You note that Apple defines "non personal information" only as information that does not permit association with any specific individual.

 

In the entire EU this may, and in many cases would, nevertheless qualify as personal information.  In the EU data protection directive, 95/46/EC personal information is defined in a significantly different way:

 

Personal data are defined as "any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;" (art. 2 a)

 

which makes it an undisputable fact that Apple's privacy policy does NOT in fact give the assurances that its users may indeed expect, simply by the trick of defining personal information in a manner that is less broad than the legal definition.

 

Considering that (a) the privacy policy is written by Apple lawyers and (b) that the EU definition of personal information is well established and well known internationally, ESPECIALLY by privacy professionals, it would seem to me that Apple INTENTIONALLY took the course it did.

 

Or putting it differently: If Apple claims that it does not process personal information, based on their own, manifestly incorrect definition, then this is simply not true.

post #39 of 256
I don't mind providing this data to a (liable) COMPANY. But to an individual? To a teen developer with no serious privacy-policy? I wouldn't sign up for that.
post #40 of 256
As the saying goes there's no such thing as a free lunch.