Back in May, Google announced that the Play Store was also getting App Store-style privacy labels, one-upping Apple's implementation by requiring extra information about customer security, if user data can be deleted, and whether permissions are optional or required. Like it or hate it, the new "safety section," as Google calls it, will be mandatory for all apps on the Play Store, kicking into gear in Q2 2022. And today, Google is sharing a few more specifics on precisely how it will work, what it might look like, and how developers can prepare.
Google is very clear that these mockups are "directional" and subject to change, so they may not be a 1-to-1 prediction of what the new safety section will look like next year. But barring any substantial change of plan, even Google admits they "may look like" the images below. At a minimum, they should generally describe what we should expect to see in broad strokes.
The new section looks like it should nestle between the "ratings & reviews" and "about this app" sections, and while we can't be sure of the precise layout just yet, it will describe in general terms how many types of data an app collects, whether an app follows specific security practices (like data encryption), if it observes the company's Families policy, and if any third-party agency has performed a security review.
Google's documentation and images for the feature alternately call it a "safety section," a "data privacy & security" section, and an "app privacy & security" section, and we're not entirely sure what heading it will ultimately appear under when the feature lands on the Play Store.
Again, specifics are subject to change, but Google claims users will be able to tap into a further, more detailed menu:
This extra summary states what sort of data is collected in precise terms, including things you'd expect based on app permissions like your location and contacts, while also seemingly including user-submitted details it might gather, and if financial information is taken — I assume this means separately from things like the Google Play billing API, and will apply to things like financial services apps. Take it with a grain of salt, but the image provided also shows if an app tracks user activity with things like ads, shares, or other metrics.
Google also says this more granular summary will require that developers explain how data is used — if, for example, it's a functional core part of the app or for personalization. On the same note, it will also explain whether data collection is optional or not.
Apple's privacy labels, for comparison.
In May, it sounded like Google was going for a slightly simpler approach with its take on these privacy and permissions disclosures compared to Apple's, whose two-category "data linked to you" and "data not linked to you" concept does seem a little confusing. I hesitate to pass judgment on a feature that isn't live yet, but if these images are accurate, I think Google's visual presentation of the information might be on the right track. The simple app listing overview gives you the information you need at a glance without overwhelming you or breaking things into unnecessary categories, while the nested sub-menus in the summary can offer more detailed and granular information for those that want more — seemingly the best of both worlds.
Previously, Google elicited feedback from developers for how to best implement this change, and the company claims that they appreciated the opportunity to provide more context surrounding precisely why and how data is being used. I personally know developers that have raged over negative reviews that complain about permissions being accessed without understanding how they're necessary for specific functionality, and this new section offers them an avenue to make that information known. Though it still probably won't stem the tide of poor-quality reviews complaining about dumb things, at least developers can point folks with questions somewhere, and customers can know what they're getting into, both when it comes to privacy and security.
Google's timeline hasn't changed, but a couple quarter-wide dates have been narrowed down to a specific month.
The new changes aren't mandatory until April 2022, but they are mandatory for all apps on the Play Store, and after it kicks in, developers that don't submit accurate information may see app submissions and updates rejected. To get a head-start, app-makers will be able to start submitting information for review in October of this year. The submission will take the form of a questionnaire, which should make it a little easier to do.
Google has more specific information for developers available in a help document (which we'll link to once it's published), detailing specifically how to mark things like data collection, data sharing, and other data disclosures, given things like end-to-end encryption and third-party services that can affect what a given app processes.