Google has once again tightened restrictions on the acceptable behaviour of Android apps distributed through the Play store, narrowing promotional design, forcing in-app payments to be made clearer, and widening the definition of spyware to catch abuse.
In an email explaining the new Developer Program Policies, Google explained that apps failing the new rules would have 15 days from 28 March to comply or face removal from the store.
New restrictions include some that critics argue should have been introduced some time ago, including clearly explaining to users where additional app features will require payment.
“Developers must not mislead users about the apps they are selling nor about any in-app services, goods, content or functionality they are selling. If your product description on Google Play refers to in-app features to which a specific or additional charge applies, your description must clearly notify users that payment is required to access those features,” to quote Google’s policy in full.
Other obvious abuses targeted include unsolicited promotion via SMS, the use of deceptive web ads linked to through apps and downloading new apps without user consent.
An interesting new limitation is on apps that collect data on the location of users without their knowledge. This is an almost endemic problem in many legitimate apps but it is far from clear that this kind of tweak will make much difference; apps can simply state that they collect this data during installation safe in the knowledge that most users don’t read permissions carefully.
With Google’s app rules getting longer and more specific all the time it remains to be seen whether these new rules stop more general abuses. Changing the rules is one thing but it needs to be policed in almost real time to make a difference. Google has introduced policy restrictions in the past only for rogue developers to find ways around them.
Within the last week, Google pulled apps that were conducting hidden bitcoin mining, re-packaged inside apparently legitimate software. In February, a report by RiskIQ counted 42,000 malicious apps available for download from the Play store during 2013, a significant rise compared to two years earlier.
Around the same time, HP reported that even spotting rogue apps could depend on which mobile antivirus program was being used.