Google ‘flaw’ puts users’ details on display
EVERY time you purchase an app on Google Play, your name, address and email is passed on to the developer, it has been revealed.
The “flaw” – which appears to be by design – was discovered by Sydney app developer, Dan Nolan who told news.com.au that he was uncomfortable being the custodian of this information and that there was no reason for any developer to have this information at their finger tips.
You may remember Mr Nolan as the creator of the Paul Keating insult generator all that hit number one in the Aussie App Store last month.”
“Let me make this crystal clear, every App purchase you make on Google Play gives the developer your name, suburb and email address with no indication that this information is actually being transferred,” Nolan wrote on his blog.
“With the information I have available to me through the checkout portal I could track down and harass users who left negative reviews or refunded the app purchase.”
Harrassment aside, the problems posed by malware – “virus” programs that infect your phone, or computer and steal your personal details – are far more serious.
With Google customers’ details just sitting in developers accounts, all it would take is a half decent piece of malware software for that information to be accessed. These personal details could then be used to access the users’ bank details. That’s also more than enough information to be able to access your other devices which could also be mined for more data – insurance information, other credit cards - which could then be used to access your banking credentials.
Mr Nolan told News.com.au that tens of millions of Google customers could be affected.
“As far as I can tell this impacts every person who purchased an App on the Play Store,” he said.
“I can’t see any way to opt out of providing that information and it seems to be a feature of the Google checkout process. I don’t know whether it applies to free apps, but there are hundreds of thousands of apps that are available for pay on the play store and there are millions of people who buy Android apps out there, I’d say easily millions or tens of millions of people.
Read more: http://www.news.com.au/technology/massive-google-security-flaw-puts-users-details-on-display-for-all-to-find/story-e6frfro0-1226577210852#ixzz2Kw7s2qs9