Feb 132013
 February 13, 2013  Breaches, Business

Dan Nolan writes:

About a month ago I put my money where my mouth was and built a version of the Paul Keating insult generator for Android (after the iOS version hit number 1 in the Australian App Store [tell your friends]). We sold a few hundred copies on Android in the last month, so that’s all good. Today I decided to log into my google play account to update my payment details. I jumped over to the ‘merchant account’ section to see the orders and realised one absolutely insane thing.

If you bought the app on Google Play (even if you cancelled the order) I have your email address, your suburb, and in many instances your full name. Each Google Play order is treated as a Google wallet transaction and as such software developers get all of the information (sans exact address) for an order of an app that they would get from the order of something physical. Even underneath the order information there is a flag that says ‘Email Marketing’ with a value next to it, because of course scrupulous developers would always obey that flag.

Let me make this crystal clear, every App purchase you make on Google Play gives the developer your name, suburb and email address with no indication that this information is actually being transferred.

Read more on Internet Hugbox.

via The Register, who, so far, has not gotten a reply from Google about Nolan’s claims.

UPDATE:  Google tells Reuters, “Google Wallet shares the information needed to process transactions, and this is clearly stated in the Google Wallet Privacy Notice.”

Sorry, the comment form is closed at this time.