Google's Play store is being assailed online by an Australian software developer who alleges that the company is sharing too much personal information about buyers who come to the Google Play store to purchase apps.
The developer, Dan Nolan, wrote in a Feb. 13 post on his Internet Hugbox blog that he accidentally discovered the issue when he logged in to his Google Play merchant account to update his payment details.
What Nolan discovered there angered him so much that he titled his post "Massive Google play Privacy Issue" and described it in detail.
Nolan said that in his merchant account he could see the email addresses, cities and in many cases the full names of the people who bought his app through the store, even if they had cancelled their orders.
"Each Google Play order is treated as a Google wallet transaction, and as such, software developers get all of the information (sans exact address) for an order of an app that they would get from the order of something physical," wrote Nolan.
The problem, he wrote, is that developers don't need such information and shouldn't be getting it because that is private data that shouldn't be shared.
"With the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase," he wrote. "This is a massive oversight by Google.
"Under no circumstances should I be able to get the information of the people who are buying my apps unless they opt into it and it's made crystal clear to them that I'm getting this information," he wrote. "This is a massive, massive privacy issue, Google. Fix it. Immediately."
Nolan has not responded to a request for additional comment from eWEEK.
Nolan's app, the Paul Keating Insult Generator, is a parody app which generates random phrases of words that are jokingly described as being from former Australian Labor Prime Minister Paul Keating, who had his way with words. The app is also available in the Apple Store. "Mr. Keating has not uttered these phrases himself," stated the description of the app in the Apple Store. "Mr. Keating has not authorized this application and has no association with it. Much like the Australian population, we think it would be great to have such a magnificent orator back in politics."
So what's up with Google's privacy policies as they related to the Play store? A close look at Google's privacy policies for the Play store and for the Google Wallet service that conducts the transactions shows that the policy that Nolan writes about has been in existence for some time.
The sign-up process for Google Wallet tells prospective users that they will need to share some basic information with merchants to conduct their transactions. In addition, merchants who are signed up to use Google Wallet to make their sales are required to sign two different agreements in which they are bound to protect the private information of their clients, according to Google.
Other online payment services, including PayPal, have similar information-collection processes.