View Single Post
Old 25 May 2022, 12:34 AM   #9
SideshowBob
Essential Contributor
 
Join Date: Jan 2017
Posts: 236
Quote:
Originally Posted by Folio View Post
and the related Hacker News discussion:

https://news.ycombinator.com/item?id=31434372
From that link:

Quote:
If you read the details of the Play Store complaint, you will see that they say the app was uploading information from the user's contact list without properly disclosing to the user that this was happening [1]. This is a violation of Play Store policy (a disclosure is required). It's not an unreasonable policy.

You can see in the app's source code where some of this happens [2]. In short, the contact list is read off the device, email addresses associated with each contact are parsed out, and the app does HTTP requests to remote servers to get the favicon associated with each email contact domain. Note that this is the sending of information off each user's contact list (the email address domains) to those remote servers. As such, it requires a disclosure to the user.

The developer's response is that he refuses to add a disclosure to the app because he is not uploading "contact info". [3]. Ok... not a great response. Certainly I would expect apps to disclose whether or not they are using any information on my contact list to reach out to third-party servers, even if only domain names. In any case, it's Play Store policy.

In the end, he finally removed the favicon feature. And Play agreed to allow the app back into the store. [4] But he has not yet backed down on shutting down the whole project because he's still upset.
SideshowBob is offline   Reply With Quote