Google asks journalists to tone down story of "massive" Google Play security flaw

Posted:
in iPhone edited January 2014
After reporting that Google Play now distributes Android app buyers' location and contact information to developers, a journalist was contacted by the search giant with a request to tone down the story, its headline and its SEO information.

News toned down by Google

Google Play's "massive oversight" in undisclosed sharing of customer data

The original story, run by Australia's News.com.au, was headlined "Massive Google security flaw puts users' details on display for all to find."

It outlined a recent policy shift at the Google Play online software and media store run for Android users, which now forwards developers the personal information of buyers, including their neighborhood and email address. The sharing of customers' data is not outlined in either Google Play's Terms of Service or in the company's privacy statement.

The undisclosed sharing was discovered by Australian developer Dan Nolan, who noted in a blog entry, "every App purchase you make on Google Play gives the developer your name, suburb and email address with no indication that this information is actually being transferred."

One risk to the undisclosed sharing noted by Nolan was that, "with the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase."

A greater risk its that, with millions of names being distributed to every vendor of paid apps on Google Play, the likelihood of a security breach through malware becomes very high. Customers who entrusted their details to Google are now having their information spread across a variety of developers who may not even have a security policy.

Nolan told the site that nobody has been talking about Google Play's undisclosed sharing because "the people who would have paid attention to it were likely exploiting it and selling users' personal information, using it as an extra source of revenue on top of what they were making off their Google Play / Android app."

He added, "This is a massive oversight by Google."

Google seeks to bury story, tone down articles and SEO on the subject

After publishing the story, News.com.au reported that "this story was amended at the request of Google. News.com.au took out the words 'massive' and 'huge' - referencing the size of the security 'flaw'. The word 'flaw' was also put into inverted commas."

Google wouldn't comment on the record, but apparently views the issue of sharing customers' data as non-newsworthy policy that shouldn't be reported as a security flaw, especially not as a serious one that users should take notice of.

The author, Claire Porter, added a comment on the story after its headline had been neutered to the nicer "Google 'flaw' puts users' details on display" that stated, "For the people asking how the story was amended: Despite the fact that Google refused to comment on the record, I was asked to change the headline (both the homepage headline and SEO headline inside the story), as well as the standfirst and lead (first paragraph). Google's issue was with the use of the word 'flaw.'

"Apparently a system that is designed to share users information with developers without their knowledge or permission and without explicitly saying so in any terms of service is not considered to be a flaw," Porter wrote.

"I have no problem amending stories if they are factually incorrect but the fact is neither developers nor customers were aware of this information sharing and Mr Nolan is not the only developer to express concern over having this information at his disposal. There's little reason app developers should have this information. If Google was going to share this information they should have been clear about this from the start. Hope this clears things up."

Developer bonus or customer privacy flaw?

Many of the user comments on the issue were found no problem with Google sending users' personal data to developers, with one complaining that the issue was just a matter of unfairly comparing Google with Apple's higher standard for security in the App Store.

Developer David Brown wrote, "Apple hide[s] all of these details because they're control freaks! I have details of every customers I have, whether they paid through PayPal or credit card...does that mean I'll go and harrass [sic] them if they dislike my service?"

Customers have overwhelmingly chosen to buy more apps from Apple's iOS App Store than from Google Play, but this may have more to do with the selection and quality of apps available for iOS rather than an informed customer base that's done the research to know whether an online vendor is likely to share their personal data without notice or permission.

By leaning on reporters to remove unflattering portrayals of its security policy from their headlines and SEO (used to enable the discovery of articles via search engines), Google can help ensure that the issue isn't a factor in reducing sales in Google Play without needing to tighten up its security policy or enforce any constraints on its developers to product Android users' privacy rights.
«13456713

Comments

  • Reply 1 of 257
    Maybe it's not a flaw since they programmed it that way, but giving out personal deets to someone with warning users is huge.
  • Reply 2 of 257
    If it was deliberate on Google's part, yeah, I think that qualifies as "massive." Insisting that it not be called a "flaw," while technically correct, really skirts the issue that it's a pretty bad decision on their part to be handing out customer data to app programmers.
  • Reply 3 of 257
    iqatedoiqatedo Posts: 1,822member


    Apple has hardware to profit on, Google has... you!

  • Reply 4 of 257
    iqatedoiqatedo Posts: 1,822member

    Quote:

    Originally Posted by IQatEdo View Post


    Apple has hardware to profit on...



    Oh - and iTunes as it turns out, how ironic lol.

  • Reply 5 of 257

    Quote:

    Originally Posted by Dave MacLachlan View Post



    If it was deliberate on Google's part, yeah, I think that qualifies as "massive." Insisting that it not be called a "flaw," while technically correct, really skirts the issue that it's a pretty bad decision on their part to be handing out customer data to app programmers.


     


    It's not a question of If. It is a question of ``When will the DoJ step in'' and ride them hard? You wanna lose DoD and other contracts, this is how to do it Google.

  • Reply 6 of 257
    nagrommenagromme Posts: 2,834member
    Imagine the months of reverberations if Apple contacted a journalist to have any one of the many exaggerated Apple ad-bait stories toned down or made factual!

    This will be forgotten instantly. That would not be!
  • Reply 7 of 257


    Just use the name, city and e-mail, you can google them and find the exact address almost everyone that downloaded your app.  Yes this is a massive oversight, it is as if Walmart gave the name of its customers to all of its suppliers.  I don't think average people are ready for that kind of information sharing.

  • Reply 8 of 257
    solipsismxsolipsismx Posts: 19,566member
    charlituna wrote: »
    Maybe it's not a flaw since they programmed it that way, but giving out personal deets to someone with warning users is huge.

    Either way I'd call it a flaw. The only difference I see if it's an unintentional flaw in coding/design or an intentional flaw in the basic security of the livestock customer.
  • Reply 9 of 257
    iqatedoiqatedo Posts: 1,822member

    Quote:

    Originally Posted by winstein2010 View Post


    Just use the name, city and e-mail, you can google them and find the exact address almost everyone that downloaded your app.  Yes this is a massive oversight, it is as if Walmart gave the name of its customers to all of its suppliers.  I don't think average people are ready for that kind of information sharing.



    RFID has the potential to make Google's actions seem like kids paying in a sandbox. It might eventuate that Walmart one day, leverages far more power over your personal information than even Google.

  • Reply 10 of 257
    jragostajragosta Posts: 10,473member
    nagromme wrote: »
    Imagine the months of reverberations if Apple contacted a journalist to have any one of the many exaggerated Apple ad-bait stories toned down or made factual!

    This will be forgotten instantly. That would not be!

    Exactly. Heck, even when information was NOT transmitted, but simply the location of cell towers stored on the phone, everyone was all over Apple.

    There is clearly a double standard.
  • Reply 11 of 257
    Of course, Google doesn't want everyone to know. This really pisses me off.
  • Reply 12 of 257
    quinneyquinney Posts: 2,528member
    Why did the "journalists" capitulate? Does Google have editorial oversight on all their articles? I mean wtf?
  • Reply 13 of 257
    quinneyquinney Posts: 2,528member
    nagromme wrote: »
    Imagine the months of reverberations if Apple contacted a journalist to have any one of the many exaggerated Apple ad-bait stories toned down or made factual!

    Our resident shills are probably searching feverishly for just such instances, right now.
  • Reply 14 of 257
    So Google have an aggressive PR department at work altering negative press wherever it can?
  • Reply 15 of 257
    dasanman69dasanman69 Posts: 13,002member
    iqatedo wrote: »
    Oh - and iTunes as it turns out, how ironic lol.

    How is that ironic? Was iTunes not supposed be profitable?
  • Reply 16 of 257
    Google forgot to add: "...or else"
  • Reply 17 of 257
    zbarsky wrote: »
    So Google have an aggressive PR department at work altering negative press wherever it can?

    I'm just going to go ahead and assume that it will mysteriously never bubble up in Google News' front page.
  • Reply 18 of 257
    When will people learn that, in the final analysis, you get what you pay for.....
  • Reply 19 of 257
    quinneyquinney Posts: 2,528member
    Google forgot to add: "...or else"

    Ah so. News.com.au is hoping to show up in a search result again sometime. That explains why they caved.
  • Reply 20 of 257
    jragosta wrote: »
    Exactly. Heck, even when information was NOT transmitted, but simply the location of cell towers stored on the phone, everyone was all over Apple.

    There is clearly a double standard.

    "Apple is evil, therefore, anything evil done by Google while competing with Apple is automatically good." That's the logic behind Google apologetics.
Sign In or Register to comment.