If you buy Android apps from the Google Play Store, you may be surprised to know that the developers of those apps get access to your name, e-mail address and zip code.
This isn’t a new policy, and apparently it’s by design. But it was news to me, and given that Google doesn’t clearly tell users about it, I imagine a lot of people don’t know about the policy.
The issue was brought up in a blog post by Dan Nolan, a developer based in Australia, before it was picked up by news.com.au and others:
With the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase. …
This is a massive oversight by Google. Under no circumstances should I be able to get the information of the people who are buying my apps unless they opt into it and it’s made crystal clear to them that I’m getting this information.
Nolan also suggests that unscrupulous developers could use e-mail addresses to sign users up for marketing, even if they haven’t been given permission.
Legally, Google has itself covered. Although the terms of service for Google Play say nothing about sharing information with app makers, it’s actually Google Wallet, the company’s Paypal-like online payment platform, that handles the transaction. And just like Paypal, Google Wallet shares buyer information with the merchant, as noted in its privacy policy.
When asked to respond, Google sent over the following statement: “Google Wallet shares the information needed to process transactions, and this is clearly stated in the Google Wallet Privacy Notice.”
Google’s policy has its defenders. Over at Marketing Land, Barry Schwartz argues that people who buy his apps are his customers, not Google’s. By knowing who they are, he can provide better service. “Apple doesn’t tell us who our customers are, and when we need that information to verify ownership or to give refunds, we are left with blindfolds on,” Schwartz wrote.
Also, Google does hold developers accountable to some extent. It says they can only use account information for “limited purposes” for which they’re received permission from users. Developers are of course bound to local laws as well. (Not that this is a foolproof deterrent; we’ve seen a fair share of bad behavior from Android app makers before.)
Still, the way Google has approached the matter feels a bit shady. When you buy an app through the Google Play Store, it’s not like using Paypal to buy a piece of furniture. You don’t enter your name or your e-mail address in a form. You don’t visit the website of the person who made the app. It’s easy to assume you’re transacting with Google, not the developer. That’s exactly why this issue has taken some people by surprise, even though it’s not new.
Realistically, there isn’t a huge danger in letting app developers see your e-mail address, but it still seems to me like a violation of trust on Google’s part. The policy would be a lot more palatable if it was stated clearly to users at the time of purchase, not buried beneath two layers of legalese.