Tag Archives: Transparency

Notes from Google Play: Keeping our platform safe

Posted by Jacqueline Hart, Director, Trusted Experiences, Developer Enablement

Hi there,

With millions of Android apps to choose from, users are increasingly focused on the privacy and security of the titles they download. That’s why it’s so important to build user trust with delightful, high-quality app experiences built on a secure foundation.

I’m Jacqueline Hart and I lead the team that helps developers navigate our policies. We’re also responsible for reviewing apps on Google Play to make sure they are safe for users.

In this edition of Notes from Google Play, I’d like to share how we’re working to improve your policy experience and how we’re helping strengthen user trust by highlighting your app’s approach to privacy and security.

Over the past few months, we’ve shared updates on our key privacy and security initiatives to help you prepare for changes and use new tools and resources, including enhanced account data transparency and controls in your app’s Data safety section and new Android 14 functionality. Now, I’m pleased to share the next phase of features, tools, and updates that we’ve been working on to help keep our platform safe and trustworthy.

Giving you a better policy experience

A few months ago, we announced that we’re redesigning the App content page in Google Play Console to make your outstanding tasks clearer, and now we’re adding more information to help you:

  • Spot deadlines with a new timeline view for new and updated declarations
  • Understand why your app is in-scope for a particular declaration
  • Find relevant policy issues alongside each declaration, helping you identify and fix issues more quickly

Later this year, we plan to show not just existing declarations, but also upcoming declaration requirements and deadlines to give you more time to plan.

Clearly see outstanding declaration-related tasks in our redesigned App content page. 
Example is illustrative and subject to change

We’re also getting you critical information about third-party SDKs, including a new notice on Google Play SDK Index to help you make more informed decisions about which version of an SDK may cause your app to violate Google Play policies.

And now we’re bringing more critical information right into Play Console. Previously, you could only learn about SDK-related policy issues affecting your apps through an Inbox message or email. Later this year, we’ll bring this information to you right on the Policy status page so you can see any issues in one place and stay on top of your app’s policy status.

Soon, you can learn about SDK-related policy issues on the Policy status page in Play Console.
Example is illustrative and subject to change

We’re also making it easier to find out if your app is impacted by our Target API requirements, which requires you to build for the latest versions of Android so you can make use of our latest security updates and platform enhancements. Since early August, you may have seen information outlining any potential impact on your app on the Policy status page, including resources to help you learn what to do to stay compliant.

To give you further support, we’re launching more ways to improve the experience. These include the new Developer Help Community, where you can ask your peers about everything from Play Console to the latest policy changes, and the Google Play Strike Removal program, which helps eligible developers get certain enforcement strikes removed after passing a related Play Academy training course. We launched the program as a pilot last year and have seen a successful reduction in repeat violations, so now we’re making it available to all developers.

Building user trust with the Data safety section
Security plays an important role in helping users decide whether an app is right for them. Recently, we announced account data transparency and controls in the Data safety section to help build user trust. If you haven’t completed your updated Data safety form yet, watch our two-minute video to learn how before the December 7, 2023 deadline. Users will begin to see your new information in your store listing in early 2024.
Provide data deltion options in Play Console by Dec 7, 2023
Soon, you can learn about SDK-related policy issues on the Policy status page in Play Console. 
Example is illustrative and subject to change.

To help users feel confident about their downloads in sensitive app categories, we’re soon adding a new Play Store banner for the VPN app category to emphasize the importance of reviewing an app’s Data safety section before installing.

When users search for “VPN” apps in Google Play, they’ll see a banner that encourages them to look for a shield icon in the app’s Data safety section, which indicates that the app has completed an independent security review. VPN developers such as NordVPN, Google One and ExpressVPN are early adopters of this program. We encourage and anticipate additional VPN app developers to undergo independent security testing, bringing even more transparency to users. Users can learn more about the independent security validation process and see VPN apps that have been independently validated by tapping “Learn more” to go to the App Validation Directory.
Independent Security Review - VPN apps with this badge in the Data safety section have been independently validated against a global security standard.
We're rolling out a Play Store new banner to build user confidence in the VPN app category. 
Example is illustrative and subject to change.

If you are a VPN developer and interested in learning more about this feature, please submit this form.

Looking ahead

Our team at Google is prioritizing new ways to give users even more confidence in the quality and security of the apps and games they download, establishing Google Play as the most trusted app marketplace. This includes efforts like our new developer verification process for new Play Console accounts.

We’ve got a lot more to come, but I’m excited to share these updates with you now, and I hope they help you continue to thrive on our platform. As always, thanks for partnering with us to make Google Play a safe, trustworthy platform.

Jacqueline Hart

New policy update to boost trust and transparency on Google Play

Posted by Kobi Gluck, Director, Product Management, Google Play Developer

One of the many ways we keep Google Play a safe and trusted platform is by verifying the identity of developers and their payment information. This helps prevent the spread of malware, reduces fraud, and helps users understand who’s behind the apps they’re installing.

For example, we require developers to verify their email address and phone number to make sure that every account is created by a real person, with real contact details.

Today, we're announcing expanded developer verification requirements in our Play Console Requirements policy. As part of this update, we’ll also share more developer details on your app’s store listing page to help users make confident, informed choices about what to download.

Here’s a quick look at what’s new.

Requiring organizations to provide a D-U-N-S number

When you create a new Play Console developer account for an organization, you’ll now need to provide a D-U-N-S number. Assigned by Dun & Bradstreet, D-U-N-S numbers are unique nine-digit identifiers that are widely used to verify businesses.

Because we’ll use D-U-N-S numbers to verify your business information during the account creation process, it's important to make sure the information that Dun & Bradstreet has about your business is up to date before creating a developer account. You may also be required to submit official organization documents to help us to verify your information.

If you’re not sure if your organization has a D-U-N-S number, you can check with Dun & Bradstreet or request one for free. The process can take up to 30 days, so we encourage you to plan ahead. Learn more.

Moving image with trext reads Boosting trust and transparency in Google Play
Organizations will need to provide a D-U-N-S number

Building user trust by helping them make more informed choices

We’re renaming the “Contact details” section on your app’s store listing to “App support” and adding a new "About the developer” section to help users learn more about you. This may show verified identity information like name, address, and contact details.


Examples of the new “App support” section for individual accounts (on the left) and organizations (on the right). These examples are subject to change.

Keeping developer information up to date

Once you create a new Play Console developer account and we’ve verified your details, you’ll be eligible to start publishing apps on Google Play.

If at any point we can’t verify your information, like your legal name or address–we’ll get in touch and ask you to reverify your information to avoid having your apps removed from Google Play.

Timeline

On August 31, we’ll start rolling out these requirements for anyone creating new Play Console developer accounts. Your “About the developer” section will be visible to users as soon as you publish a new app. Over the first couple of months, we’ll listen to feedback and refine the experience before expanding to existing developers.

In October, we’ll share more information with existing developers about how to update and verify existing accounts.

Thank you for partnering with us as we continue to make Google Play a safe and trusted platform for everyone.

More information

Safer and More Transparent Access to User Location

Posted by Krish Vitaldevara, Director of Product Management Trust & Safety, Google Play

Last year, we made several changes to our platform and policies to increase user trust and safety. We’re proud of the work we’ve done to improve family safety, limit use of sensitive permissions, and catch bad actors before they ever reach the Play Store.

We realize that changes can lead to work for developers. Last year, you told us that you wanted more detailed communications about impactful updates, why we’re making them, and how to take action. You also asked for as much time as possible to make any changes required.

With that feedback in mind, today, we’re previewing Android and Google Play policy changes that will impact how developers access location in the background.

Giving users more control over their location data

Users consistently tell us that they want more control over their location data and that we should take every precaution to prevent misuse. Since the beginning of Android, users have needed to grant explicit permission to any app that wants access to their location data.

In Android 10, people were given additional control to only grant access when the app is in use, which makes location access more intentional. Users clearly appreciated this option as over half of users select “While app is in use.”

Now in Android 11, we’re giving users even more control with the ability to grant a temporary “one-time” permission to sensitive data like location. When users select this option, apps can only access the data until the user moves away from the app, and they must then request permission again for the next access. Please visit the Android 11 developer preview to learn more.

Preventing unnecessary access to background location

Users tell us they also want more protection on earlier versions of Android - as well as more transparency around how apps use this data.

As we took a closer look at background location usage, we found that many of the apps that requested background location didn’t actually need it. In fact, many of these apps could provide the same user experience by only accessing location when the app is visible to the user. We want to make it easier for users to choose when to share their location and they shouldn't be asked for a permission that the app doesn't need.

Later this year, we will be updating Google Play policy to require that developers get approval if they want to access location data in the background. Factors that will be looked at include:

  • Does the feature deliver clear value to the user?
  • Would users expect the app to access their location in the background?
  • Is the feature important to the primary purpose of the app?
  • Can you deliver the same experience without accessing location in the background?

All apps will be evaluated against the same factors, including apps made by Google, and all submissions will be reviewed by people on our team. Let’s take a look at three examples:

An app that sends emergency or safety alerts as part of its core functionality - and clearly communicates why access is needed to the user - would have a strong case to request background location.

A social networking app that allows users to elect to continuously share their location with friends would also have a strong case to access location in the background.

An app with a store locator feature would work just fine by only accessing location when the app is visible to the user. In this scenario, the app would not have a strong case to request background location under the new policy.

When we spoke to developers for feedback, the vast majority understood user concerns over their information falling into the wrong hands and were willing to change their location usage to be safer and more transparent.

Getting approval for background access

We know that when we update our policies, you want to get actionable feedback and have ample time to make changes. Before we implement this policy change, you will be able to submit your use case via the Play Console and receive feedback on whether it will be allowed under the new policy.

We anticipate the following timeline for this policy rollout; however, it is subject to change.

  • April: official Google Play policy update with background location
  • May: developers can request feedback on their use case via the Play Console with an estimated reply time of 2 weeks, depending on volume
  • August 3rd: all new apps submitted to Google Play that access background location will need to be approved
  • November 2nd: all existing apps that request background location will need to be approved or will be removed from Google Play

Review and evaluate your location access

We encourage all developers to review the following best practices for accessing location data in their apps:

  • Review the background location access checklist to identify any potential access in your code. Remember you are also responsible for ensuring all third party SDKs or libraries that you use comply with our policies, including access to background location.
  • Minimize your use of location by using the minimum scope necessary to provide a feature (i.e., coarse instead of fine, foreground instead of background).
  • Review privacy best practices and ensure you have the proper disclosure and privacy policies in place.

We hope you found this policy preview useful in planning your roadmap for the year and we appreciate your efforts to build privacy-friendly apps. Together, we can keep the Android ecosystem safe and secure for everyone.

New numbers and a new look for our Transparency Report

We launched the Transparency Report in 2010 to show how laws and policies affect access to information online, including law enforcement orders for user data and government requests to remove information. Since then, many other companies have launched their own transparency reports, and we’ve been excited to see our industry come together around transparency.

After doing things the same way for nearly five years, we thought it was time to give the Transparency Report an update. So today, as we release data about requests from governments to remove content from our services for the ninth time, we’re doing it with a new look and some new features that we hope will make the information more meaningful, and continue to push the envelope on the story we can tell with this kind of information.

More about that shortly—first, the data highlights. From June to December 2013, we received 3,105 government requests to remove 14,637 pieces of content. You may notice that this total decreased slightly from the first half of 2013; this is due to a spike in requests from Turkey during that period, which has since returned to lower levels. Meanwhile, the number of requests from Russia increased by 25 percent compared to the last reporting period. Requests from Thailand and Italy are on the rise as well. In the second half of 2013, the top three products for which governments requested removals were Blogger (1,066 requests), Search (841 requests) and YouTube (765 requests). In the second half of 2013, 38 percent of government removal requests cited defamation as a reason for removal, 16 percent cited obscenity or nudity, and 11 percent cited privacy or security.

As for the redesign, we’ve worked with our friends at Blue State Digital on a more interactive Transparency Report that lets us include additional information—like explanations of our process—and highlight stats. We’ve also added examples of nearly 30 actual requests we’ve received from governments around the world. For example, we have an annotation that gives a bit of descriptive information about our first government request from Kosovo, when law enforcement requested the removal of two YouTube videos showing minors fighting. If you’re looking for details on the content types and reasons for removal, use the Country explorer to dig into those details for each of the listed countries.

Our Transparency Report is certainly not a comprehensive view of censorship online. However, it does provide a lens on the things that governments and courts ask us to remove, underscoring the importance of transparency around the processes governing such requests. We hope that you’ll take the time to explore the new report to learn more about government removals across Google.

Posted by Trevor Callaghan, Director, Legal

Promoting transparency around Europe

When eight technology companies presented a plan this month to reform government surveillance, a key request concerned transparency. At Google, we were the first company to publish a transparency report detailing the requests we receive from governments around the world to bring down content or hand over information on users.

But Google’s report represents only a narrow snapshot. It is limited to a single company. Imagine instead if all the requests for information on Internet users and for takedowns of web content in a country could be published. This would give a much more effective picture of the state of Internet freedom. As the year draws to a close, we’re happy to report that Panoptykon, a Polish NGO, published this month a preliminary Internet transparency report for Poland and Fores, a Stockholm-based think tank, issued a study in Sweden.

In Poland and Sweden, we helped initiate these transparency efforts and supported them financially. NGOs in six other European countries are working on national transparency reports. Our Estonian-supported transparency coalition already published a report last spring. In addition, university researchers in Hong Kong moved ahead over the summer with their own report. In Strasbourg, the Council of Europe recently held an important conference on the subject and hopefully will move ahead to present a series of recommendations on transparency for its 47 members.

Each transparency campaign takes a different approach - we hope this process of experimentation will help all of us learn. The Estonian effort, titled Project 451, focuses on content removals, not government surveillance, because the authors believe this is the most important issue in their country. The name of Project “451″ refers to HTTP Status Code 451, defined as “unavailable for legal reasons” and the report found that many web platforms were taking legal content down due to fears of legal liability.

The new Polish and Swedish reports attempt to shed light on government requests for information on users. Fores contacted 339 Swedish authorities and found that more than a third had requested data about users or takedowns of user-uploaded content. Panoptykon uncovered that Polish telcos received 1.76 million requests for user information in 2012, while Internet companies polled received approximately 7,500. In addition, Panoptykon discovered that many Polish government requests for information on users were based on a flawed or unclear legal basis.

Admittedly, both the Swedish and Polish reports remain incomplete. Not all Internet companies participated. Much relevant data must be missing. Like with our own Google report, we hope to continue filling in the holes in the future. Our aim is to see this campaign gather momentum because the bottom line is transparency is essential to a debate over government surveillance powers.

Posted by William Echikson, Head of Free Expression, Europe, Middle East and Africa

Transparency Report: Government removal requests rise

Cross-posted with Official Google Blog

We launched the Transparency Report in 2010 to provide hard evidence of how laws and policies affect access to information online. Today, for the eighth time, we’re releasing new numbers showing requests from governments to remove content from our services. From January to June 2013, we received 3,846 government requests to remove 24,737 pieces of content—a 68 percent increase over the second half of 2012.

Over the past four years, one worrying trend has remained consistent: governments continue to ask us to remove political content. Judges have asked us to remove information that’s critical of them, police departments want us to take down videos or blogs that shine a light on their conduct, and local institutions like town councils don’t want people to be able to find information about their decision-making processes. These officials often cite defamation, privacy and even copyright laws in attempts to remove political speech from our services. In this particular reporting period, we received 93 requests to take down government criticism and removed content in response to less than one third of them. Four of the requests were submitted as copyright claims.

You can read more about these requests in the Notes section of the Transparency Report. In addition, we saw a significant increase in the number of requests we received from two countries in the first half of 2013:
  • There was a sharp increase in requests from Turkey. We received 1,673 requests from Turkish authorities to remove content from our platforms, nearly a tenfold increase over the second half of last year. About two-thirds of the total requests—1,126 to be exact—called for the removal of 1,345 pieces of content related to alleged violations of law 5651.
  • Another place where we saw an increase was Russia, where there has been an uptick in requests since a blacklist law took effect last fall. We received 257 removal requests during this reporting period, which is more than double the number of requests we received throughout 2012.

While the information we present in our Transparency Report is certainly not a comprehensive view of censorship online, it does demonstrate a worrying upward trend in the number of government requests, and underscores the importance of transparency around the processes governing such requests. As we continue to add data, we hope it will become increasingly useful and informative in policy debates and decisions around the world.

Posted by Susan Infantino, Legal Director