“Sebastian Holst makes yoga mobile apps with his wife, a yoga instructor. The Mobile Yogi is sold in all the major mobile app stores. But when someone buys his app in the Google Play store, Holst automatically gets something he says he didn’t ask for: the buyer’s full name, location and email address. He says consumers are not aware that Google Inc. is sharing their personal information with third parties. No other app store transmits users’ personal information to third-party developers when they buy apps, he said.” Oh Google.
If so, then I should be safe. This kind of privacy violation is just… wrong. Google seems to think that their customers automatically trust third parties or something… if anything, this demonstrates that Google themselves should not be trusted.
Yes, it applies only when buying. And only after the 15 minutes are up. Just like any other merchant account gets that information with Google Wallet. Remember that each app outlet on Play Store is actually a merchant account. The model of operation is very different than Apple’s.
Taken that into account, it’s quite obvious that you actually have to provide that information to the merchant.
How do you ask for a refund, if you don’t provide that information.
This only sounds like a big deal, but I bet you rather have that information disclosed to the seller than go through 3 different types of support to get your money back.
I’d rather have a better solution, but I doubt that it would fix more than it would break.
Also, don’t forget that unlike regular Play Store accounts, merchant accounts are controlled much more strictly.
JAlexoid,
Why do merchants *need* this information? I can understand why the merchant would like to have it, but it’s not really technically any better than a discrete transaction id for the purposes of identifying the payment.
“How do you ask for a refund, if you don’t provide that information.”
A transaction id or account number is just as accurate for this purpose. The only reason I can think of to have email/location/name is for vendor to initiate contact with the user, not the other way around. This may be innocent and even desirable, like getting emails about software updates. However IMHO *all* email subscriptions should be opt-in. Vendors have no need for an email address which they’ll never use, and (hopefully) they’ll never use an email address which they haven’t gotten permission to use.
This whole shenanigan is easily rectified by simply prompting the user’s email address at the time of purchase using google’s records for defaults. This way there would be no non-consensual privacy violations and the user gets to choose what information gets shared.
In EU it’s a legal requirement. Since it’s a transaction that is not associated with a cash register, in EU the corresponding sales documentation has to have buyer’s and seller’s details(name, address at the minimum). Both parties have to have that invoice.
US, not sure.
Nope. Refunds based on that information can be only made to an active CC. You need much more information to refund to a different CC or send a cheque.
The risk of it is too high. If any of the merchants that I bought Android apps from try to contact me that is grounds for immediate termination of agreement without a payout. (4.2 Google Wallet merchant agreement)
This is clearly a bug no way it could ever be intentional.
However it’s strange this story has been out for a few days and noone is really aware of it. If it had been a certain fruit company everyone would be rioting.
It’s on every technology site, Calimero.
Err no it’s not. This was first reported approximately two days ago. If it had been about Apple you would have seen frontage headlines within minutes, everywhere (for ex. the lock screen bug, where the ones concerning Android seem to get lost).
It could be a bug, if if you read the article it mentions Google defends sending this information to developers.
I guess it should be allowed IF (IF!!!) the user/customer was made fully aware and has to opt in (not out).
Agreed. This is clearly a bug because this kind of service under no circumstance can be free. It is always subject to a fee.
You, specifically, can’t opt out. Dutch and EU law requires that information be shared in case of electronic transactions.
Man, it’s so hard to be persecuted, eh?
Much as I hate to be defending Apple this time, the OP is absolutely correct. There’s definitely a double standard in place for Apple in the tech media, particularly though not exclusively when compared to Google. If Apple had been the one doing this, everyone would have been up in arms, torches lit, ready to burn down Apple HQ and any other buildings around them just to make sure the deed was done. When Google does it, not only do we get some people giving them the benefit of the doubt but we even have some that claim Google are in the right to do this. If that’s not a double standard, I don’t know what is. For myself, I say no app store should give away customers’ information without explicitly asking the customer and the customer should have to opt in, not opt out.
Sorry, what was this article about again?
It is a double standard, but it’s not without a reason thanks to Apple’s doing THEIR OWN MASSIVE SHARE of double standarding. Just one example of attitude is enough, like “we can borrow ideas shamelessly but everybody else borrowing from us is an IP thief and the we’re seeing in court”
You reap what you sow – people just see that.
No, no, no. Two wrongs absolutely do not make a right. If you believe they do, you should become a US politician. This is the kind of crap I’d expect to see in political ads: Well, they did it first, so we’re going to do it right back to them. Don’t drop down to their level, be better than that. Apple are pricks. Google are pricks. That doesn’t mean I have to be a prick too.
I’m afraid you misread my intentions.
I didn’t write a single word like that or mean that I’m OK with Google doing it. As an Android user, I most certainly am not!
What I meant is the journalists’ double standard comes from the reputation that Apple has; Google has a better reputation and so the cognitive bias favours Google.
I’m simply trying to provide a sensible explanation for the phenomenon; not trying to provide excuses or defend Google.
Much as I hate to be defending Apple this time, the OP is absolutely correct. There’s definitely a double standard in place for Apple in the tech media, particularly though not exclusively when compared to Google. [/q]
Yeah, I can’t imagine why the tech media would have any negative feelings towards Apple. It’s not they have a history of suing bloggers and tech journos, right?
And how is that any different from what happens every time there’s a negative story about Apple? The Apple apologists all come out of the woodwork, doing their best to shoot the messenger & passive-aggressively berating everyone who doesn’t bend over backwards to give Apple the benefit of the doubt.
Actually, now that I think of it, there are some differences… I’ve never seen anyone defend Google by lazily painting even its mildest critics as “Google haters”. I’ve never seen news sites accused of “anti-Google bias” simply for publishing negative news about them.
Yes, if I go to Google Checkout I can see name and address to people who buy my app. Is this really news? I understand the concern, but a lot of people must already be aware of this.
As the article says: “they are my customers, not Google’s and not Apple’s customers. They download our products.”
Google is the only one who is doing it correctly.
In that respect, you wouldn’t mind if every time you made a purchase with your card, your bank sent in your email, address and name to the retailer.
After all, You Are the Retailer’s customer and not the bank’s, in this case.
If it is an online purchase, the retailer will usually require your address already, perhaps to deliver goods, to help validate payment details/identity, to determine warranty/support entitlement.
In the case of a purchase in a store, there is no need to pass on those details since the customer is given a receipt which proves what they purchased and when.
I think Google ought to be mindful of what they send developers and how it is used (information provided should not be shared etc), but I do think they should send the something to the developer.
When you make a purchase of an app (even if it’s free) you have the option to receive a receipt for it. There’s no need for anyone to give away your personal info. Especially without your consent.
And if you want the correct analogy, Google in this case can be treated as the Retailer. When you go to Selfridges and you buy a Samsung TV, they are by no means entitled to pass along any information to Samsung without your consent. Why is Google doing it in this case?
When you download a free app from Play Store there is no receipt or anything. You’re not buying it.
Your physical receipt is proof of purchase(goods exchanged for finances) with strict legal guidelines. There is no legal equivalent e-receipt. Your order confirmation from Amazon is not a receipt. Invoice/Order, delivery of that order and proof of payment make the legal equivalent of a receipt.
No they are not. They are a payment processor. Google does not handle returns or sell you anything.
Here is the actual order info from my Wallet page, to prove that you are actually mistaken in your assessment of the situation:
15 Nov Rovio Mobile Ltd. charged your **** for USD3.68. “GOOGLE *Rovio Mobile” will appear on your billing statement.
15 Nov Rovio Mobile Ltd. received your order.
15 Nov You placed an order with Rovio Mobile Ltd. on 15 Nov. Google Wallet sent a copy of this receipt to ***
Purchased from:
Rovio Mobile Ltd.
2275 E Bayshore Rd Ste 108
Palo Alto CA 94303
Where does the download come from? If its from Google then they are a retailer, think Walmart. If the download comes from the developer then Google is only a payment processor.
Because the developers rent the space and bandwidth from Google, Google becomes the retailer?
Does the owner of a shopping centre become the retailer, because there are a lot of butiques renting space?
In my experience it’s up to the payment gateway provider to validate the payment info, not the seller. Unless the seller is authorised to process payments themselves (which they tend not to be).
Any warranty or support is based on a transaction ID not the purchasers personal details.
Unless they have merchant accounts, that is. And this time it is exactly the case…
Payment gateways provided via banks often require you to have a merchant account (the do in where I am at any rate). You still don’t see much data beyond the transaction ID much less the address of the buyer.
I guess it depends on nature of the particular payment gateway provider?
Google is not a bank nor does it function as one so that comparison doesn’t fly.
Okay, imagine if WalMart, Best Buy, Target, Staples, Amazon, or any other retailer handed over your personal identification to every manufacturer of a product you purchased in their store.
Is that analogy accurate and repugnant enough for you?
I think both analogies can stand and both visions are correct in some regards. The problem is, app stores are kind of new, so not everybody has the same expectations for them.
Google should make it very clear to Android users that their informations will be shared with the developer. They should probably add a checkbox to allow/disallow that.
Or maybe Google should setup a proxy email address for every Play store user ([email protected]) and share that email address with the developer. This would allow the developers to contact their users but still protected the privacy of users.
Only if WalMart, Best Buy, Target, Staples were listing the product information in their stores and only handled the financial side of the order. Then they would have to send that information to the manufacturer to fulfil that order.
Amazon actually does that exact thing, where the manufacturer lists their own goods in their Amazon store-front and it’s not “sold by Amazon”.
That being the case, kindly do not use the Playstore and require people to buy your app directly from you. If they’re your customers, then you should assume all responsibilities for your product. Then the customers are aware what information they give you, and you get the information you want. To me, the Playstore is a retailer. Your products are being sold there, but that doesn’t give you the right to have my personal information unless I expressly give it to you just as, for example, Apple has no right to my personal information if I purchase one of their products from Best Buy unless I expressly give it to them. Google should not be exempt from decency.
That’s one guy’s comments. His own editor, and probably the most knowledgeable journalist on Google — Danny Sullivan, disagrees with him:
And two other developers disagree as well:
So, no, the article doesn’t say Google is doing it right. It expresses several viewpoints on the matter, and the majority of the proffered opinions are absolutely against it.
Edited 2013-02-15 19:32 UTC
When one signs up with google, we have the reasonable expectation that they don’t share our personal information. It sounds like they are violating this expectation. In the future they’ll probably have to remedy this either by making clear that they do share your information, or by ceasing to share the personal information at all.
News like this legitimizes the practice of using fake information on account registration forms. How many of us do that?
Edited 2013-02-15 15:35 UTC
OMG, not my email! Oh no, I’ might get more spam! My location? Oh, well it’s not like every time I make a purchase I’m not already giving out my credit card information, or that GPS locations being shared by phone companies hasn’t been something happening all the time already. My name? Oh no, now if I have a question and contact the developer, they might be able to verify that I actually purchased their app?!
And yeah, I’d feel the exact same way if it were Apple. Seriously, if you’re on Facebook then you’re already sharing way more than this with absolute strangers without making any purchases. Internet activists up in arms, indeed.
The difference is that I am AWARE that I am sharing all those details with Facebook.
I was not AWARE Google shared this with developers when I buy at Google Play.
pysiak,
“I was not AWARE Google shared this with developers when I buy at Google Play.”
osnews won’t let me +1 you…
Are you aware that eBay shares that information with the sellers?
That makes sense: physical shipping!
Google Play doesn’t ship parcels.
Google Play operates using same business model. And they still have to issue proper invoices.
Correct me if I am wrong, pls. When I buy an app, that app has access to certain info from my device. Can’t the app send the same info back to the company anyway? So whats the big deal for Google to send the info too?
The app could send this same information to the developer but the developer would have to submit that app with notices that it does so and the user would be informed of such when they purchase.
Google isn’t doing this. And it’s clear they aware of this because they specifically say this is how it always has been and is intended. But in their privacy statements, you’ll find that they only mention this for magazine or other subscription-based content (because they have to cow to the publisher’s desires to market to them when it comes to magazines) but make absolutely no mention of the fact that this is happening for all apps.
Google is the business of monetarizing your personal information, just like Facebook. That’s their business model. I can appreciate that not all regular folks will understand that, but it’s kind of amazing that some people in IT don’t get that. Geez, maybe schools should require something beyond just tech courses to get a BS or MS in CS.
Everyone knew Google had this data — that’s only logical. The concern is that they are then sharing it back to developers (for people who purchase/download their app obviously) when they say that they don’t do that.
Where did Google say that? (Also, it’s only where there’s a fulfilled order. Just downloading a free app provides the merchant with nothing)
Where does Google not say something? Everywhere!
Jesus… Read the links. There is explicit notification of it for subscription content; their is no commenserate notification for paid apps.
Google Play is different from all other app stores.
On Amazon App Store and Apple App Store, Amazon/Apple is the seller. They pay the developer royalties.
On Google Play, the developer is the seller.
He pays royalty to Google Play for the broker services.
Apple and Amazon do a lot more work for their 30% cut than Google does. Google should be reducing its cut to 15% IMO.
No, just wrong, patently false.
Google does not pass on 100% of app revenue to devs and then get payed back a 30% cut. And Apple and Amazon aren’t different because you decided to use “royalties” inappropriately.
Such misinformation is not helpful, nor do I even see how, if such a setup were the case, that would impact this privacy issue anyway. It simply sounds like tortured and incorrect rationalization in hopes of handwaving away a real privacy issue.
Edited 2013-02-15 19:05 UTC
You don’t even have a Google Wallet merchant account, yet you think that you are in a position to make such claims?
(Do you even have a CC registered with Google Wallet?)
All the statements made by GP are factually correct.
How do you know if I have Google Wallet?
No, he is precisely wrong. Extending the ability to offer refunds to developers doesn’t change the seller/agent model in the least. We could compare the terms and services of the agreements if you’d like, but the simplest way to point out that it is still a seller/agent model is that the seller doesn’t get access to the money on a transactional basis. Google provides monthly payouts (when they can do so on time) with their agency % removed.
The money is not flowing directly to the developer at all. The developer is not then obligated to pay back Google’s share at all.
All that is different is that Google has offloaded a small measure of customer service to its developers (this has pros as well as cons) and they’ve tied those devs to their PayPal clone. That doesn’t alter the seller/agent relationship.
Edited 2013-02-16 05:33 UTC
Because you make claims that any person that received a receipt from Google Wallet will not make the claims that you are making.
That is exactly how any payment service operates. That is exactly how your credit/debit card transactions get settled. Yet you don’t call Visa or MasterCard if your TV is broken. And for the online transactions they do send all the personal information to the merchant.
That is exactly how it operates. I get the full amount and then I get deducted the 30% as transaction fees(automatically, like ano other payment service). The result is deposited into the account.
What are you all talking about? Apart from the App Store (and i don’t know what BlackBerry and Microsoft do), have you ever bought anything from anyone, without providing information of who you are? Even your email receipt is pretty clear that you are buying from a merchant, and not from Google. Google isn’t selling you shite, they are only handling the transaction.
Granted, they could probably (well, obviously since this whining has emerged) be more clear when you have to click the “Accept & Buy” button, who you are buying from, but that’s about it. Your receipt is pretty clear
/Uni
Edited 2013-02-17 13:33 UTC
MyNameIsNot4Letter,
“What are you all talking about? Apart from the App Store (and i don’t know what BlackBerry and Microsoft do), have you ever bought anything from anyone, without providing information of who you are?”
Have you ever used cash?
Edited 2013-02-18 18:47 UTC