A purchase on Google Play may leak your email address to developers

Martin Brinkmann
Feb 13, 2013
Updated • Feb 13, 2013
Google Android

I use several email addresses for a variety of purposes. One for my Internet business, others for family matters, friends and online purchases. What I'm trying to do is limit the exposure of some email addresses on the Internet to avoid that they are being added to spam databases which would result in my inbox being flooded with spam messages.

According to one Android developer, a purchase on Google Play, Google's virtual store for all things Android, reveals not only your email address but also your full name and information about your location to the developer.

If you bought the app on Google Play (even if you cancelled the order) I have your email address, your suburb, and in many instances your full name.

The core issue here is privacy, for obvious reason. First, you are not asked if you want to reveal those information to the developer or at the very least get to pick an email address and maybe an alias when there is no way around it. Second, you do not know that your information are revealed and for some users, it may explain the increase in spam they have received in recent time.

Even if most developers either do not know that those information are available or do not abuse them in any form, there will certainly be some developers who either sell the information to advertising agencies and marketers, or use them for email marketing purposes of their own.

Besides marketing, developers can also use the information to contact users who have left negative reviews on their sites, or harass them in other ways, for instance by signing them up for newsletters and other databases. The majority of developers won't abuse the system, but since there are so many developers out there, the likelihood is high that some do.

At the very least, Google should inform users before they make a purchase. This can be done similarly to how app permissions are displayed before installation.

It needs to be noted that this is reported by a single Android developer right now. It is not clear why this has not come to light earlier.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. lone Gulp 2 said on November 3, 2017 at 9:12 pm

    U no wut? Ok i just baught an app and then less than 20 minutes later got the first spam ever at the play store account addy.

  2. Pablo said on February 14, 2013 at 2:44 am

    Martin, is it possible to use an alternative gmail address for Google Play purchases? I think you can add additional accounts on Android, maybe you can use one of them for Google Play purchases. Sure, Google would still get all the info about you, but at least it would limit exposure of your “main” gmail address to app developers.

    1. Martin Brinkmann said on February 14, 2013 at 2:59 am

      I do not really know. Wish I had a dev account to test all of this.

  3. BobbyPhoenix said on February 13, 2013 at 5:02 pm

    Also I thought as of recently now all purchases/reviews are linked to your G+ account anyway? Not that it matters to me. A quick search can find a name, address, and phone number. Not sure why an email would be needed to keep secure for Play Store Devs. Doesn’t Google have that anyway? I mean your Play Store account is tied to your Gmail acocunt which is your email address?

    BTW – I just found out that hundreds of thousands of people have my name, address, and phone number. There seems to be a book going around with everyone’s info, and it’s even delivered to your door. Something called the white and yellow pages! LOL (read that somewhere. made me laugh)

  4. Qliphah said on February 13, 2013 at 2:04 pm

    How much trouble is it for another dev to login and check? Really 18 hours and the only reply on his tumblr is “sunili said: Dan. You’re the man. #Dan.

    I’m pretty sure this would have come to light LONG ago is this were true. Really you shouldn’t base your posts on single source unconfirmed rumors….

    1. Martin Brinkmann said on February 13, 2013 at 2:22 pm

      I thought I made it clear that this is based on one developer. I’d say that more devs may come forward to either confirm or deny the story. I have added a “may” to the title to make it clearer.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.