InfoSecBulletin Cybersecurity for mankind
Google this week announced plans to increase the control that Android users have over their data by requiring developers to enable data deletion both from the app and online.
The initiative, expected to be enforced towards the end of the year, is part of a long-time initiative to improve user trust by requiring developers to provide clear information on their applications’ privacy and security practices.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
The new data deletion policy will offer increased control over user data by requiring developers to “provide an option to initiate account and data deletion from within the app and online,” Google explains.
The web requirement, which developers will have to link in their data safety form, will allow users to request account and data deletion without reinstalling the application.
Users can already access information on the available data deletion options in Google Play’s data safety section, but the upcoming option will make it easier for them to request data deletion.
“By creating a more intuitive experience with this policy, we hope to better educate our shared users on the data controls available to them and create greater trust in your apps and in Google Play more broadly,” Google says.
Once the new policy enters into effect, developers will have to delete both the account and the data associated with it when a request is received. However, users will be able to opt out of a complete account deletion and choose to have only selected data erased.
Developers will also need to clearly disclose data retention practices when certain data needs to be kept for legitimate reasons, including fraud prevention, security, or regulatory compliance.
As a first step, Google is requiring developers to submit responses to new data deletion questions in their applications’ data safety forms. The submission period ends on December 7.
The first changes brought by the new policy will begin to reflect in application listings in Google Play early next year. These will include a new data deletion area and a refreshed data deletion badge in the data safety section.
