InfoSecBulletin Cybersecurity for mankind
Google this week announced plans to increase the control that Android users have over their data by requiring developers to enable data deletion both from the app and online.
The initiative, expected to be enforced towards the end of the year, is part of a long-time initiative to improve user trust by requiring developers to provide clear information on their applications’ privacy and security practices.
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
The new data deletion policy will offer increased control over user data by requiring developers to “provide an option to initiate account and data deletion from within the app and online,” Google explains.
The web requirement, which developers will have to link in their data safety form, will allow users to request account and data deletion without reinstalling the application.
Users can already access information on the available data deletion options in Google Play’s data safety section, but the upcoming option will make it easier for them to request data deletion.
“By creating a more intuitive experience with this policy, we hope to better educate our shared users on the data controls available to them and create greater trust in your apps and in Google Play more broadly,” Google says.
Once the new policy enters into effect, developers will have to delete both the account and the data associated with it when a request is received. However, users will be able to opt out of a complete account deletion and choose to have only selected data erased.
Developers will also need to clearly disclose data retention practices when certain data needs to be kept for legitimate reasons, including fraud prevention, security, or regulatory compliance.
As a first step, Google is requiring developers to submit responses to new data deletion questions in their applications’ data safety forms. The submission period ends on December 7.
The first changes brought by the new policy will begin to reflect in application listings in Google Play early next year. These will include a new data deletion area and a refreshed data deletion badge in the data safety section.
