Google Play ‘flaw’ puts users’ personal data on display

“Every time you purchase an app on Google Play, your name, address and email is passed on to the developer, it has been revealed,” Claire Porter reports for The Herald Sun. “The ‘flaw’ – which appears to be by design – was discovered by Sydney app developer, Dan Nolan who told news.com.au that he was uncomfortable being the custodian of this information and that there was no reason for any developer to have this information at their finger tips. ‘Let me make this crystal clear, every App purchase you make on Google Play gives the developer your name, suburb and email address with no indication that this information is actually being transferred,’ Nolan wrote on his blog. ‘With the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase.'”

“Harrassment aside, the problems posed by malware – ‘virus’ programs that infect your phone, or computer and steal your personal details – are far more serious. With Google customers’ details just sitting in developers accounts, all it would take is a half decent piece of malware software for that information to be accessed. These personal details could then be used to access the users’ bank details. That’s also more than enough information to be able to access your other devices which could also be mined for more data – insurance information, other credit cards – which could then be used to access your banking credentials,” Porter reports. “Mr Nolan told News.com.au that tens of millions of Google customers could be affected.”

Porter reports, “‘In comparison to the information you get from Apple which is just a quantity of sales in a Country and then a cheque three months later, this is absolutely absurd,’ he said.”

Read more in the full article here.

MacDailyNews Take: “Open.”

[Thanks to MacDailyNews Reader “RPO” for the heads up.]

Related articles:
Security researcher labels nearly 300,000 Google Play Android apps as ‘high-risk’ – November 1, 2012
FBI’s Android security warning means Apple’s iPhone beats Android for BYOD enterprise – October 16, 2012
FBI issues warning over Android malware attacks – October 15, 2012
Researchers discover serious flaw in Android app security, say HTC and Samsung ignore issue – September 28, 2012
Apple’s iPhone has passed a key security threshold – August 13, 2012
Android permissions flaw allows eavesdropping, data theft, location tracking – December 2, 2011
Massive HTC Android security flaw leaves security expert speechless – October 2, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010