Google requires valid data protection declarations for applications

Google has required service providers that develop apps for the Play Store to properly and transparently handle user data. Specifically, it’s about apps that integrate the SDK from British data dealer Huq. Huq provides its customers with what’s called turnout data – commuting data that shows how people move in a particular area.

If a developer integrates the Huq SDK into their application, the user must be explicitly asked to consent to the recording of location data before setting up this application. Developers who failed to do so are now threatening to remove their apps from the Play Store, according to Google, News Portal Reports BBC online.

The Huq SDK is in applications that provide location-based information, such as weather applications or warning radar. However, the SDK is also hidden in mobile applications where the location does not matter, for example in yoga applications, payroll calculators, or applications that convert videos to MP3 files. Most of the time these are apps that don’t cost any money. Instead, the business model of these apps is based on the fact that user data is logged.

Billions in business with user data

Huge data sets with traffic data from countless individuals are used, for example, by consumer goods providers to plan retail outlets. Huq reports that it evaluates about 1 billion data points from over 160 countries every day. Where exactly this data comes from is still open.

Huq requires its partners, app developers, to report and cooperate in a data protection declaration for their app. The data merchant prescribes a detailed English language text for this purpose. In this text, users of the application are assured that their data will be processed anonymously. However, research conducted by Danish television broadcaster TV2 this summer showed how easy it is to identify a single person from their recorded motion data.

It can be recognized by individuals

According to a TV2 report, Huq possesses location data from more than 60,000 Danish cellphones. The broadcaster hired an analytics company to purchase and analyze the data. Although Haq asserts that individuals cannot be identified on the basis of data sets, station journalists have succeeded in allocating data sets to individuals. The report mentions 66-year-old Dane Otto Jensen, who can create a full motion profile based on Huq data.

In October of this year, consumer protection portal AppCensus published a report stating that even seemingly harmless apps systematically record detailed traffic histories of their users. AppCensus analysis also revealed cases where the Huq SDK uploaded traffic profiles to a data merchant’s server even if users had previously intercepted it.

Google Image Corruption

Basically, it is the responsibility of app developers to publish their apps with correct data protection ads and protect their users from misuse of their data. On the other hand, Google has always been criticized as a “data octopus”. With the announcement that apps with questionable processing of the Huq SDK have been removed from the Play Store, it appears that Google wants to improve its image.

(bi)