Apr 06, 2023Ravie LakshmananPrivacy / Mobile Security
Google is enacting a new data deletion policy for Android apps that allow account creation to also offer users with a setting to delete their accounts in an attempt to provide more transparency and control over their data.
"For apps that enable app account creation, developers will soon need to provide an option to initiate account and data deletion from within the app and online," Bethel Otuteye, senior director of product management for Android App Safety, said.
"This web requirement, which you will link in your Data safety form, is especially important so that a user can request account and data deletion without having to reinstall an app."
The goal, the search behemoth said, is to have a "readily discoverable option" to initiate an app account deletion process from both within an app and outside of it.
To that end, developers are to provide users with an in-app path as well as a web link resource to request app account deletion and associated data. Should users submit such a request, it's required of app developers to purge all data associated with that account.
In addition, users may be provided with alternatives to selectively delete only portions of the data (e.g., activity history, images, or videos) instead of entirely deleting their accounts.
Developers who wish to retain certain data for valid reasons such as security, fraud prevention, or regulatory compliance are mandated to disclose such data retention practices upfront.
"Temporary account deactivation, disabling, or 'freezing' the app account does not qualify as account deletion," Google explicitly spells out.
The new policy is expected to go into effect early next year, with developers having time till December 7, 2023, to submit answers to new Data deletion questions in the app's Data safety form. Developers can file for an extension until May 31, 2024.
Learn to Secure the Identity Perimeter - Proven Strategies
Improve your business security with our upcoming expert-led cybersecurity webinar: Explore Identity Perimeter strategies!Don't Miss Out – Save Your Seat!
The development also puts Android in line with Apple's iOS and iPadOS operating systems, which instituted a similar policy starting June 30, 2022. It, however, doesn't require that users should be able to delete their accounts via the web as well.
That said, it remains to be seen if any enforcement actions will be taken if a developer fails to follow the rules. Earlier this year, Mozilla called out Google after discovering serious discrepancies between the top 20 most popular free apps' privacy policies and the information they self-reported in the Play Store.
from The Hacker News https://bit.ly/3KEW71e