Google announces Play Store policy changes to counter misinformation, limit ads, and tighten security

The app landscape is always changing, and with it, app market owners have to adapt their policies to keep up. Today, Google announced a slew of Google Play Store policies that will take effect over the coming months, ranging from the minor to the very important. Some changes will only be noticed by developers, but some, such as opting out, should be immediately apparent to users.

If you have an app that may violate any of these policies, Google says that all new and existing apps will receive a minimum grace period of 30 days starting July 27, 2022 (unless otherwise specified) to comply with the following changes.

Google Play Store Policy Changes

USE_EXACT_ALARM Permission Restriction (Effective July 31, 2022)

The first policy change that will take effect will affect developers targeting API level 32, or Android 13. USE_EXACT_ALARM Permission with Android 13 beta 2. In order for an app to be approved for distribution on the Google Play Store, it must meet the following criteria.

  • Your app is an alarm clock app or a clock app.
  • Your app is a calendar app that displays notifications for upcoming events.

Google previously stated that this policy change would come when it announced the USE_EXACT_ALARM permission.

Limiting misinformation and impersonation (as of August 31, 2022)

The first policy change that will become effective and affect all users will limit the spread of misinformation and will aim to prevent identity theft. What is considered a violation of false health information is the following:

  • Misleading claims about vaccines, such as that vaccines can alter an individual’s DNA.
  • Advocating unapproved harmful treatments.
  • Advocating for other harmful health practices, such as conversion therapy.

For impersonation, the following is a violation of the new impersonation policy:

  • Developers incorrectly indicating a relationship with another company/developer/entity/organization.
  • Applications whose icons and addresses incorrectly indicate a relationship with another company/developer/entity/organization.
  • App titles and icons that are too similar to those of existing products or services that may mislead users.
  • Applications that falsely claim to be the official application of an existing entity. Titles like “Justin Bieber Official” are not allowed without necessary permissions or rights.
  • Apps that violate the Android trademark guidelines.

Google examples of impersonation

Better interstitial ads and easier opt-out (as of September 30, 2022)

Have you ever had to deal with a penny ad that seemed out of nowhere or stuck for too long? Google now limits how developers use it in their apps in order to improve the user experience. Google says that developers may not display ads in the following unexpected ways to users.

  • Full screen interstitial ads are not allowed in all formats (video, GIF, static, etc) that appear unexpectedly, usually when the user chooses to do something else.
    • Ads appearing during gameplay at the beginning of a level or during the beginning of a piece of content are not allowed.
    • Full screen video interstitial ads that appear before the application loading screen (splash screen) are not allowed.
  • Full screen interstitial ads in all formats that cannot be closed after 15 seconds are not allowed. Full-screen interstitial ads or full-screen interstitial ads that do not interrupt users in their actions (eg, after a score screen in a game app) may persist for more than 15 seconds.

As for making it easier to cancel subscriptions, it should now be easier for the user to cancel their subscription. It should be visible in the app’s account settings (or corresponding page) by including the following:

  • A link to the Google Play subscription center (for apps that use the Google Play billing system); wow
  • Direct access to your cancellation process.

You must respect the limitations of stalkers, apps using VPNS, and apps FLAG_SECURE

Which apps can be used to track people will always be controversial, but some believe that it may work as an effective parental tool. Others may want to use them so their family members can keep tabs on them while they are abroad, especially in situations where they may be in a dangerous or unsafe place. However, these tools are often rampant for abuse, and Google is introducing some changes to help reduce this. The ‘IsMonitoringTool’ metadata tag must also be declared, and monitoring apps must adhere to the following:

  • The apps should not present themselves as a secret spying or monitoring solution.
  • Apps must not disguise or disguise tracking behavior or attempt to mislead users about this functionality.
  • Applications must provide users with continuous notification at all times when the Application is running and a unique code that clearly identifies the Application.
  • Apps must disclose monitoring or tracking functions in the Google Play Store description.
  • App listings and apps on Google Play must not provide any means to activate or access functionality that violates these Terms, such as linking to an incompatible APK hosted outside of Google Play.
  • Applications must comply with any applicable laws. You are solely responsible for determining the legality of your application in its target language.

In the case of apps using VPNService, Google has long since cracked down on ad-blocking apps on the Play Store, including those that use VPNService to primarily filter ad servers only. Now the company says that apps that use VPNService and have VPN as their primary functionality can only create a secure device-level tunnel to a remote server. However, there are exceptions, and these include:

  • Parental control applications and enterprise management.
  • Track app usage.
  • Device security applications (eg, antivirus, mobile device management, firewall).
  • Network related tools (for example, remote access).
  • Web browsing applications.
  • Carrier applications that require the use of VPN functions to provide telephony or calling services.

VPNService should not be used to do the following:

  • Collect personal and sensitive user data without disclosing and prominent consent.
  • Redirect or manipulate user traffic from other applications on the device for monetization purposes (for example, redirecting advertising traffic through a different country than the user’s country).
  • Manipulating ads that can affect app monetization.

Finally, applications should now respect FLAG_SECURE. Applications should not facilitate or create solutions to override FLAG_SECURE settings in other applications either. FLAG_SECURE is what prevents some content from appearing in screenshots or on untrusted screens. Applications that qualify as access devices are excluded from this requirement, as long as they do not transmit, save, or cache FLAG_SECURE-protected content for access outside the user’s device.

Google cracks down on dodgy apps

It’s great to see Google cracking down on rogue apps, limiting Stalkerware capabilities and the like. However, there will obviously be regular apps caught in the crossfire as well, and there will always be when changes like this come into play. For example, would DuckDuckGo now be in trouble, as the app has a VPN that can kill ads at the device level?

Deceptive apps come in all shapes and sizes, and it’s also hard to selectively enforce policies that don’t affect perfectly reasonable apps. We’ll be sure to take a look at things and see if there are any other changes on the horizon for some of our favorite apps!

Source: Google

Across: Mishaal Rahman

#Google #announces #Play #Store #policy #counter #misinformation #limit #ads #tighten #security

Leave a Comment

Your email address will not be published.