Tracking apps have, understandably, taken on new relevance in light of the COVID-19 pandemic. From the moment people noticed that Apple and Google had added the tracking capability to their phones, they started asking how the contact tracing could be disabled. That particular debate continues three months on. However, for many, it wasn’t the specter of government-approved contact tracing apps that worried them most. Instead, it’s the genuine threat from so-called stalkerware apps to survivors of domestic abuse that continues to concerns them. Now Google is taking the ban hammer to certain tracking apps by correcting what it calls a typo in its stalkerware policy for developers.
With effect October 1, the Google Play developer program policy is being updated as it relates to stalkerware apps. In a notification of the update to Google Play policies, Google has announced that the misrepresentation and gambling apps policies are both being updated. It also stated that “we’re correcting a typo in our stalkerware policy.”
That typo turns out to be quite a significant one. The existing policy states that stalkerware apps cannot be used by parents to track their children, but can be used to “track a person, a spouse, for example.” The revised policy, which takes effect October 1, will state that “acceptable forms” of stalkerware apps can be used by parents to track their children, but “cannot be used to track a person (a spouse, for example) without their knowledge or permission unless a persistent notification is displayed while the data is being transmitted.”
There must remain some concern that rogue developers will attempt to pass spouse-tracking apps as child-tracking ones to bypass the new rules. However, the new policy does state that only those apps that are “policy compliant” and “exclusively designed and marketed” for parental monitoring, or enterprise management, can be distributed on the Play Store if they have tracking and reporting functions. Again, the enterprise management inclusion could be seen as a cause for concern here.
Still, the Google policy document goes on to state that apps which monitor or track a user’s behavior must not be presented as a “secret surveillance” program, must not cloak the tracking behavior, must not mislead a user about this functionality, and must present the user with a “persistent notification” along with a unique icon to identify the app clearly. All apps that do not meet the new requirements should be removed by their developers by October 1, and Google will remove any that are not.
The policy changes should deal with those apps passing themselves off as parental control solutions but can actually be used to stalk vulnerable people, not least because the persistent tracking notification has to be displayed even in the parental control scenario.