A purchase on Google Play may leak your email address to developers - gHacks Tech News

A purchase on Google Play may leak your email address to developers

I use several email addresses for a variety of purposes. One for my Internet business, others for family matters, friends and online purchases. What I'm trying to do is limit the exposure of some email addresses on the Internet to avoid that they are being added to spam databases which would result in my inbox being flooded with spam messages.

According to one Android developer, a purchase on Google Play, Google's virtual store for all things Android, reveals not only your email address but also your full name and information about your location to the developer.

If you bought the app on Google Play (even if you cancelled the order) I have your email address, your suburb, and in many instances your full name.

The core issue here is privacy, for obvious reason. First, you are not asked if you want to reveal those information to the developer or at the very least get to pick an email address and maybe an alias when there is no way around it. Second, you do not know that your information are revealed and for some users, it may explain the increase in spam they have received in recent time.

Even if most developers either do not know that those information are available or do not abuse them in any form, there will certainly be some developers who either sell the information to advertising agencies and marketers, or use them for email marketing purposes of their own.

Besides marketing, developers can also use the information to contact users who have left negative reviews on their sites, or harass them in other ways, for instance by signing them up for newsletters and other databases. The majority of developers won't abuse the system, but since there are so many developers out there, the likelihood is high that some do.

At the very least, Google should inform users before they make a purchase. This can be done similarly to how app permissions are displayed before installation.

It needs to be noted that this is reported by a single Android developer right now. It is not clear why this has not come to light earlier.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Qliphah said on February 13, 2013 at 2:04 pm
      Reply

      How much trouble is it for another dev to login and check? Really 18 hours and the only reply on his tumblr is “sunili said: Dan. You’re the man. #Dan.

      I’m pretty sure this would have come to light LONG ago is this were true. Really you shouldn’t base your posts on single source unconfirmed rumors….

      1. Martin Brinkmann said on February 13, 2013 at 2:22 pm
        Reply

        I thought I made it clear that this is based on one developer. I’d say that more devs may come forward to either confirm or deny the story. I have added a “may” to the title to make it clearer.

    2. BobbyPhoenix said on February 13, 2013 at 5:02 pm
      Reply

      Also I thought as of recently now all purchases/reviews are linked to your G+ account anyway? Not that it matters to me. A quick search can find a name, address, and phone number. Not sure why an email would be needed to keep secure for Play Store Devs. Doesn’t Google have that anyway? I mean your Play Store account is tied to your Gmail acocunt which is your email address?

      BTW – I just found out that hundreds of thousands of people have my name, address, and phone number. There seems to be a book going around with everyone’s info, and it’s even delivered to your door. Something called the white and yellow pages! LOL (read that somewhere. made me laugh)

    3. Pablo said on February 14, 2013 at 2:44 am
      Reply

      Martin, is it possible to use an alternative gmail address for Google Play purchases? I think you can add additional accounts on Android, maybe you can use one of them for Google Play purchases. Sure, Google would still get all the info about you, but at least it would limit exposure of your “main” gmail address to app developers.

      1. Martin Brinkmann said on February 14, 2013 at 2:59 am
        Reply

        I do not really know. Wish I had a dev account to test all of this.

    4. lone Gulp 2 said on November 3, 2017 at 9:12 pm
      Reply

      U no wut? Ok i just baught an app and then less than 20 minutes later got the first spam ever at the play store account addy.

    Leave a Reply