Over at his Internet Hughbox blog, Dan Nolan raised a startling and huge privacy issue for Google Play users. After developing an Android app, Nolan found that Google had shared with him the sensitive personal information of purchasers of his app:
"I jumped over to the ‘merchant account’ section to see the orders and realised one absolutely insane thing. If you bought the app on Google Play (even if you cancelled the order) I have your email address, your suburb, and in many instances your full name. Each Google Play order is treated as a Google wallet transaction and as such software developers get all of the information (sans exact address) for an order of an app that they would get from the order of something physical."
While the personal data shared includes a flag whether or not the consumers wants to receive marketing offers via email, Nolan wonders how many app developers will comply with that. The implications of this detailed data sharing:
"... I could track down and harass users who left negative reviews or refunded the app purchase... This is a massive oversight by Google. Under no circumstances should I be able to get the information of the people who are buying my apps unless they opt into it..."
"... the data-sharing was intentional. Google designed its platform so that people who purchase apps do so from the developer. That model differs from the iTunes platform, where people purchase apps from Apple."
And, the Chicago Tribune reported:
"... Joel Reidenberg, Director of the Center on Law and Information Policy at Fordham University School of Law, said Google and other online and mobile services needed to be more transparent about what personal information was being shared with third-party firms."
Well said Mr. Nolan. Users should always be in control, with programs asking users to opt-in. Too many websites do the opposite: automatically include users and force users to opt-out.
Some app developers may use this personal information responsibly to provide product support and service, while others may not. Already, there are problems with consumers getting harassed about negative reviews posted online. Some physicians already try to stifle online discussion by forcing their patients to sign a "Mutual Agreement To Maintain Privacy" contract, which prohibits patients from posting negative comments on social networking websites.
Positive and negative reviews are part of a healthy, functioning marketplace, that helps users make informed choices. A 2011 survey found that 89% of consumers said they found online reviews trustworthy.