Google offers privacy audit tool for mobile app developers • The Register



Google’s internal incubator, Area 120, introduced a service called Checks to help mobile app developers understand how their apps manage data and automate privacy compliance.

Mobile app makers can sign up for Checks, currently in beta testing, and have their apps scanned to generate data usage statements for app stores, to see how their privacy policies comply with legal obligations, and to understand how their apps and any built-in software development kits (SDKs) collect and manage data in light of stated permissions.

“We’ve heard from developers that it’s difficult to keep pace with app store regulatory and policy changes, and how those changes apply to their apps,” said the Checks co-founders, Nia Castelly and Fergus Hurley, in a blog post. “Checks helps developers gain the confidence to make informed decisions by identifying potential compliance issues, providing clear, actionable information in plain language, and providing links to relevant resources.”

SDKs — libraries added to apps to help serve ads and perform other functions — pose a potential privacy and security issue because their code may be untrustworthy. These add-ons, popular for presenting advertisements and performing other revenue-generating functions in mobile apps, have been implicated in location data harvesting and other forms of data plunder. Developers who care about legal compliance are therefore likely to welcome the visibility that Checks promises.

“[SDKs] can change their functionality at any time, sometimes without the knowledge of the app developer,” explain Castelly and Hurley. “Checks helps mobile app developers using SDKs by detecting changes in their app’s data sharing practices and then sending them an automated alert.”

Checks is primarily focused on Android apps: it’s intended to help Android developers properly report data usage for the new Privacy and Data Security section coming to Google Play in April 2022. The service provides instructions for setting up a Checks account with Android apps and notes that the Checks SDK tracking feature requires the Android Gradle plugin in Android Studio.

Checks consists of a store disclosure authoring tool, a store disclosure monitoring tool, and compliance monitoring and data monitoring services.

Data monitoring examines permissions, data collection and data sharing in application code and SDKs. The Checks website suggests that iOS developers with similar Android apps use their Android app data monitoring report to anticipate what iOS customers would see when viewing their iOS device’s app privacy report.

The Checks compliance service – which is paid for – mentions that it covers iOS apps but does not disclose details.

Checks has a free tier that provides app analytics, which developers can use to populate the Privacy and Data Security section of Google Play.

There are also Core ($249/app per month), Premium ($499/app per month), and Enterprise (price on request) tiers that offer compliance monitoring for privacy rules in the US (CCPA, COPPA), the EU (GDPR) and Brazil (LGPD), as well as Google Play Store Developer Guidelines. Per-app charges cover both Android and iOS apps, but it’s unclear how iOS apps are monitored.

Although the service is rather expensive, Google disclaims its recommendations. “Checks does not provide legal advice or conclusions regarding your app or your privacy practices,” the company says. The Chocolate Factory also insists that Checks only uses public data, does not collect or store any data, and does not share its analytics reports with Google Play.

Google did not immediately respond to a request to clarify which aspects of Checks work with iOS apps and whether broader iOS support could be expected in the future. ®
