Google Play data security: A developer's guide
Aniruddh Singh
Founder - Sygitech | Tech Entrepreneur | Ex- IndiaMART | HCL Technologies | Monster
Google is a global leader and the cornerstone of technological advancement. Since Android is widely used and trusted, it makes sense that security litigation and management updates will become increasingly extensive over time.
August of this year saw some changes made by Google for global Android app developers and Play Store software. The update states that in order to add or update Android apps on Google Play, all Android developers will need to submit a declaration outlining their security and privacy practices for mobile apps. As the recent password breach in September showed, this can be a great step in terms of end-user security. After August, every new Android mobile app will have a "Data safety information" listing in Google Play outlining how it collects, stores, and shares user data.
Giving false information could prevent Google Play mobile app submissions from being published, which would be detrimental to the development teams' and their clients' businesses. Android developers who are unfamiliar with the new Google Play safety requirements may find demonstrating compliance confusing. Hence, this article serves as a reference to comprehend the goal of the policy, the necessary disclosures, and other crucial information regarding this initiative.
Google's motive for the data safety section
To give users of mobile apps more information about how developers collect, share, and secure their data, Google started the Data Safety initiative. While the majority of developers examine mobile app data to fix bugs and enhance functionality, some sell user information to third parties without permission in order to make money.
Moreover, the recent explosion in mobile app activity has brought security and privacy issues to light. Hackers and other concerning threats now specifically target mobile apps with lax security and unsafe coding practices because activity on mobile apps has surpassed activity on desktops. Users are interested in learning whether mobile app developers consider security and privacy.
With the help of Google Play Data Safety, the 2.8 billion Android users can quickly decide which of the 3.5 million+ Android apps they can rely on. Similar to how nutrition labels help people make educated food choices, data safety information informs Android users about how apps use and store personal data.
Google Vice President, Product, Android Security and Privacy, Suzanne Frey recently wrote in a blog post, "We heard from users and app developers that displaying the data an app collects without additional context is not enough."
Users want to know "what purpose their data is being collected for and whether the developer is sharing user data with third parties," she continued. According to her blog post, users are more interested than ever in learning how app developers are protecting user data after an app has been downloaded. For this reason, Google created the Data Safety Section, which enables developers to specify exactly what data is being collected and for what purposes.
Obligations for information disclosure
The following information about their code and the third-party libraries their mobile apps use must now be disclosed by Android developers:
Will this be applicable to all developers?
Yes. In order for new and updated Android mobile apps to be uploaded to Google Play, developers must submit the mandatory data safety declarations. Developers must complete the form even if the mobile app does not collect user data.
Developers who do not submit a data safety form will have their apps marked in Google Play as "no information available" and may even be prevented from publishing them altogether. Google will also email developers to let them know that there are problems with the app that must be fixed before it can be approved.
How can programmers make their apps distinctive?
Developers of Android mobile apps are required to submit a data safety form for any new or updated apps, but they can go one step further by undergoing an optional independent security review to show their dedication to privacy and security. The App Defense Alliance (ADA) aims to keep Google Play users safe by preventing threats from reaching their devices and by improving app quality throughout the ecosystem.
As a standard program for ensuring security and privacy, the ADA consortium developed the Mobile Application Security Assessment (MASA) program. This MASA verification process enables developers to confirm that their mobile apps adhere to an industry-wide mobile security standard because it is based on the Open Web Application Security Project's (OWASP) Mobile Application Security Verification Standard (MASVS).
Utilizing MASA, ADA labs test mobile apps for security and privacy to confirm that they adhere to a set of fundamental security standards. The OWASP Mobile Security Testing Guide (MSTG) is used by Authorised Labs mobile application security experts to evaluate whether the Android mobile app satisfies the following OWASP MASVS L1 requirements:
In the store listings, ADA MASA-verified mobile apps have an independent security review designation applied to the app's Google Play Data safety section. This review process gives mobile apps a competitive advantage in Google Play by helping users identify which developers went above and beyond to protect users and safeguard trust.
Conclusion
The safety requirements for Google Play highlight the confidence users have in mobile app developers to protect their data.
To avoid delaying approval and mobile app publication, mobile app developers must comprehend this new program and incorporate these steps into their workflow, taking into account the additional data required for submission.
To validate a secure, high-quality build that stands out from the competition, mobile app developers should think about the advantages of getting an independent security review through an ADA MASA verification.