Google aims to reduce data theft with app data and account deletions

Google has made multiple security improvements to the general operation of apps over the last 12 months or so. It’s now a little easier to understand what apps want from you. Labels which indicate a level of trustworthiness for developers. Changes made to ensure old, abandoned apps will no longer appear for download on the Play store.

Now the focus is on data collection, or to be more accurate, data deletion. Google wants people to be able to scrub data associated with an app. This counts for data inside of the application itself, but also out there on the web.

A farewell to app data?

Many apps require you to create an account, and very often those accounts are pinned to websites. This is particularly common with regard to video game apps, but can be a requirement for pretty much anything you choose to install depending on the developer’s needs.

From the Google announcement:

For apps that enable app account creation, developers will soon need to provide an option to initiate account and data deletion from within the app and online. This web requirement, which you will link in your Data safety form, is especially important so that a user can request account and data deletion without having to reinstall an app.

If you’re wondering, Google’s Data Safety Form is a way for developers to inform their users about how their data is used, collected, shared, and so on. All of the developer’s primary safety and privacy practices are listed here. Everything from what the developer itself does to how associated third-party entities work alongside them should be included.

Total account and data deletion

If an app user decides they no longer want anything to do with an application, there is now a way to ensure everything is gone forever. No more remnant accounts sitting around, potentially waiting to be compromised after a long period of abandonment.

From the release:

As the new policy states, when you fulfill a request to delete an account, you must also delete the data associated with that account. The feature also gives developers a way to provide more choice: users who may not want to delete their account entirely can choose to delete other data only where applicable (such as activity history, images, or videos). For developers that need to retain certain data for legitimate reasons such as security, fraud prevention, or regulatory compliance, you must clearly disclose those data retention practices.

As with so many changes of this nature, nothing is happening just yet. Developers have been given some time to get their houses in order if necessary, and submit their comments in relation to the proposed changes. They have from now until the beginning of December to do this. However, an extension is possible if needed which could give them until the end of May 2024. Either way, changes reflecting this new policy won’t kick in until somewhere around the beginning of next year.

As a device user there’s not much you can do about this for now. It’s squarely a heads up for developers to take a long look at the data they collect, and how to dispose of it when the app users feel that it’s no longer needed. Other major store owners are moving to similar policies, and this can only be a good thing for helping to reduce the threat of data theft.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.