Sure, Android malware is a problem, but you’re much more likely to encounter a misbehaving legitimate app than an actual Android Trojan. Some apps request permissions that aren’t reasonable, like a flashlight app requiring access to your contacts list. Others don’t make clear that certain features require an in-app purchase (this problem also crops up on iOS devices). Pushy advertising networks can also be a problem. But this past Friday, Google announced to developers that these shady tactics will no longer be permitted.
Developer Anthony Farrior posted the message from Google. Among other things, it requires developers to “clearly disclose when an advertised feature in your app’s description requires in-app payment,” insists that “all advertising behavior must be properly attributed to, or clearly presented in context with the app it came along with,” and explains “what app promotion tactics are disallowed when promoting your app on Play.”
You can read the full Google developer policy online, if you wish, but you’ll probably learn more by checking out a blog post from Android Police. The post focuses specifically on the changes made in Friday’s updated policy.
A few of the items are minor. The ban on sexually explicit materials is clarified to include icons, titles, and descriptions. Where the old policy forbade developers to “transmit viruses, worms, etc.,” the new policy says they should not transmit or link to malware. Sneaky apps that would add links in your bookmarks or home screen were already banned; now they’re also banned from modifying links and settings.
The all-new section on app promotion should please users. It bans deceptive ads and unsolicited promotion via SMS. Developers are enjoined from tactics that cause “download of the app without informed user action.”
Have you ever downloaded a free game because the description sounded so great, and then found that the fun features you wanted are only available through in-app purchase? Going forward, Google requires developers to “clearly notify users that payment is required to access those features” right in the description. Those nasty ads whose source is unclear will also go away, because “It must be clear to the user which app each ad is associated with or implemented in.”
Fix It Now!
The new developer policy applies to all new apps and updates. Existing apps that don’t comply have to be fixed (or unpublished) within 15 days. “After this period,” said Google’s warning, “existing apps discovered to be in violation may be subject to warning or removal from Google Play.”
Does this mean that in two weeks Angry Birds will no longer overshare your data with advertisers? We’ll see. I didn’t see anything in the new policies about apps that transmit your data without encryption or leak your medical info. Apps will probably continue to request (and get) permissions that aren’t relevant to their function. This policy change from Google is a good start, but there’s more work to be done.