Apple and Google to Broaden and Clarify Key Privacy Policies

Google stated that, on January 18, a day before the release of Chrome 88, it will require that every extension publicly display its privacy policies and developers will be limited with what they can do with the collected data. Meanwhile, Apple stated that its mandatory app privacy “nutrition labels” program applies to its own apps as well as those from third-party developers. Apple and Google also banned data broker X-Mode Social from collecting location information from mobile devices using their operating systems.

VentureBeat reports that the Chrome Web Store “hosts more than 250,000 extensions and themes with 4 million Chrome extensions downloaded every day” and that Chrome itself has 1+ billion users. Changes will impact users, developers and also businesses.

The first change, “means that Chrome users next year will determine which websites an extension can access when they browse the web” and that, once an extension permission is granted to access a website’s data, “that preference can be saved for that domain.” The second change, outlined last month, is that “each extension’s detail page in the Chrome Web Store will show developer-provided information about the data collected by the extension, in clear and easy to understand language.”

An updated data privacy policy is intended to ensure “the use or transfer of user data is for the primary benefit of the user and in accordance with the stated purpose of the extension,” and reiterates that “the sale of user data is never allowed.” Also prohibited is “the use or transfer of user data for personalized advertising … [and] the use or transfer of user data for creditworthiness or any form of lending qualification and to data brokers or other information resellers.”

The Verge reports that Apple’s clarification of its mandatory app privacy program is in “apparent response to criticism from WhatsApp … that the program unfairly favored Apple’s services.” For iOS apps not available in the App Store, such as Messages, the privacy information will be on Apple’s website. Apple, which had never said that its apps would be exempt from the privacy labels, stated that it thinks “labels should be consistent across first- and third-party apps as well as reflect the strong measures apps may take to protect people’s private information.”

The Wall Street Journal reports that, given new information about X-Mode Social’s national security work, both Apple and Google have banned the data broker “from collecting any location information drawn from mobile devices running their operating systems.” Both companies told “developers this week that they must remove X-Mode’s tracking software from any app present in their app stores or risk losing access to any phones running Apple’s or Google’s mobile operating systems.”

The news was first disclosed to “investigators working for Senator Ron Wyden (D-Oregon),” who probed the sale of location data to government entities.

Google told developers that, to avoid a ban from Google Play, they had seven days to remove X-Mode but that some could “ask for an extension of up to 30 days.” Apple gave developers two weeks to remove X-Mode trackers. This is the first time that a location data broker “has been targeted so directly.” Between them, Apple and Google “have an overwhelming market share of mobile phones globally.”

WhatsApp Accuses Apple of Double Standard on Data Privacy Labels, Engadget, 12/9/20