Google is cracking down on unwanted and harmful Android apps with a new effort that will show warnings on applications and on third-party websites distributing apps that collect personal data without user consent.
The effort is an expansion of the Google Safe Browsing team’s mission to enforce the company’s recently updated Unwanted Software Policy for Android devices, announced in August. Starting at the end of January, Google said it will begin delivering warnings to users of apps and websites deemed in violation of its policies.
Google’s privacy push comes after a busy year of booting apps from its Google Play marketplace that violate user privacy. Last week, the Google Play Protect pulled spyware called Tizi found on apps inside the Google Play marketplace. In August, three messaging apps in the Google Play store contained spyware called SonicSpy were also removed. And most recently, Google banned apps that display ads Android lock screens.
Google said it would enforce its Unwanted Software Policy even under scenarios that included analytics and crash reporting. “The list of installed packages unrelated to the app may not be transmitted from the device without prominent disclosure and affirmative consent,” Stanton said.
Third-party app stores and developers that distribute apps via Google Play will be given guidelines on how to handle privacy warnings and disclosures to users. Apps or websites in violation are subject to the same Safe Browsing warnings and appeals process that websites face.
It’s unclear how the Google Safe Browsing team will enforce these new rules on rogue third-party sites and developers. Google Safe Browsing is a blacklist service that works with Chrome, Firefox and Safari that visually warns people if a potential threat lurks on a site a user is about to visit.
This past year Google has made strides to shore up the Android ecosystem, from the Google Play marketplace to devices themselves.
In May, Google introduced Play Protect, a new security feature that maintains some oversight on content downloaded to Android devices. For example, previously downloaded apps can be continually scanned for malicious behaviors as a counter to developers who push benign apps to Google Play that later connect and download malicious components. This also helps provide a line of defense against apps downloaded from third-party stores that aren’t subject to Google’s malware scanners.