Distributive policy

Google announces Play Store policy changes to counter misinformation, limit ads and strengthen security

The app landscape is constantly changing and with it, app market owners must adapt their policies to keep pace. Google today announced a ton of Google Play Store policies that will be enacted over the next few months, ranging from minor to quite significant. Some changes will only really be noticed by developers, but some, like subscription cancellations, should hopefully be immediately apparent to users.

If you have an app that may violate any of these policies, Google says all new and existing apps will be given a grace period of at least 30 days from July 27, 2022 (unless otherwise specified) to comply with the following changes.

Google Play Store Policy Changes

Restriction of USE_EXACT_ALARM permission (effective July 31, 2022)

The first policy change that will go into effect will affect developers targeting API level 32, or Android 13. Google introduced the USE_EXACT_ALARM permission with Android 13 beta 2. For an app that requests this permission to be approved for distribution on the Google Play Store, it must meet the following criteria.

  • Your app is an alarm app or a clock app.
  • Your app is a calendar app that shows notifications for upcoming events.

Google previously said this policy change would come when it announced the USE_EXACT_ALARM permission.

Limit health misinformation and identity theft (effective August 31, 2022)

The first policy change that will go into effect and affect all users will limit the spread of health misinformation and aim to prevent identity theft. The following are considered health misinformation violations:

  • Misleading claims about vaccines, such as that vaccines can alter a person’s DNA.
  • Advocacy for harmful and unapproved treatments.
  • The promotion of other practices harmful to health, such as conversion therapy.

With respect to impersonation, the following are considered a violation of the new impersonation policy:

  • Developers who falsely imply a relationship with another company/developer/entity/organization.
  • Applications whose icons and titles falsely imply a relationship with another company/developer/entity/organization.
  • App titles and icons that are so similar to those of existing products or services that users may be misled.
  • Applications that falsely claim to be the official application of an established entity. Titles like “Justin Bieber Official” are not allowed without the necessary permissions or rights.
  • Apps that violate Android’s brand guidelines.

Better interstitial ads and easier subscription termination (effective September 30, 2022)

Have you ever had to deal with an interstitial ad that seemed to come out of nowhere or stuck around too long? Google now limits how developers can use them in their apps to improve user experience. Google says developers can’t display ads in the following ways that users might not expect.

  • Full-screen interstitial ads of any format (video, GIF, static, etc.) that display unexpectedly, usually when the user has chosen to do something else, are not allowed.
    • Ads that appear during gameplay at the start of a level or at the start of a content segment are not permitted.
    • Full-screen interstitial video ads that appear before an app’s loading screen (splash screen) aren’t allowed.
  • Full-screen interstitial ads of any format that cannot be closed after 15 seconds are not allowed. Full-screen interstitials that are enabled or full-screen interstitials that do not interrupt user actions (for example, after the score screen in a game application) may persist for longer than 15 seconds.

As for subscriptions, it should now be easy for a user to terminate theirs. The option to do so should be visible in the app’s account settings (or equivalent page) by including the following:

  • A link to Google Play’s subscription center (for apps that use Google Play’s billing system); and/or
  • direct access to your termination process.

Restrictions on stalkerware and apps that use VPNService, and a requirement to respect FLAG_SECURE

Apps that can be used to track people will always be controversial, but some believe they can act as an effective parenting tool. Others may wish to use them so that family members can watch over them while they are away, especially in cases where they are in an unsafe or dangerous location. However, these tools are often subject to abuse, and Google is introducing a few changes to help reduce this. Monitoring applications must declare the “IsMonitoringTool” metadata flag and must also adhere to the following:

  • Applications must not present themselves as a solution for spying or secret surveillance.
  • Apps must not hide or conceal tracking behavior or attempt to mislead users about this feature.
  • Apps should present users with a persistent notification at all times when the app is running and a unique icon that clearly identifies the app.
  • Apps must disclose monitoring or tracking functionality in the Google Play store description.
  • Apps and app listings on Google Play must not provide any means to enable or access features that violate these terms, such as linking to a non-compliant APK file hosted outside of Google Play.
  • Applications must comply with all applicable laws. You are solely responsible for determining the legality of your application in the targeted locale.

As for apps that use VPNService, Google cracked down a long time ago on ad-blocking apps on the Play Store, including those that used VPNService only to filter ad servers. Now, the company says that only apps that use VPNService and have VPN as their core functionality can create a secure device-level tunnel to a remote server. There are exceptions, however, and these include:

  • Parental control and business management apps.
  • Application usage tracking.
  • Device security applications (e.g. antivirus, mobile device management, firewall).
  • Network-related tools (e.g., remote access).
  • Web browsing apps.
  • Carrier applications that require the use of VPN functionality to provide telephony or connectivity services.

VPNService should not be used to perform the following actions:

  • Collect personal and sensitive user data without visible disclosure or consent.
  • Redirect or manipulate user traffic from other apps on a device for monetization purposes (for example, redirect ad traffic to a different country than the user).
  • Manipulate ads that may impact app monetization.
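
An added example, not from Google or the original article: a pre-submission check over a decoded AndroidManifest.xml for the three manifest-visible items discussed above (the USE_EXACT_ALARM permission, the “IsMonitoringTool” metadata flag, and a VPNService declaration). The sample manifest, its package name and the `audit_manifest` function are constructed for illustration, and whether the app is a monitoring tool is supplied by the reviewer as an assumption.

```python
import xml.etree.ElementTree as ET

# Namespace prefix ElementTree uses for android:* attributes.
ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.familytracker">
  <uses-permission android:name="android.permission.USE_EXACT_ALARM"/>
  <application android:label="Family Tracker">
    <service android:name=".TunnelService"
        android:permission="android.permission.BIND_VPN_SERVICE">
      <intent-filter>
        <action android:name="android.net.VpnService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""


def audit_manifest(manifest_xml, is_monitoring_app=False):
    """Return a list of policy items a reviewer should check for this manifest."""
    root = ET.fromstring(manifest_xml.strip())
    findings = []

    # Exact-alarm permission is restricted to alarm, clock and calendar apps.
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if "android.permission.USE_EXACT_ALARM" in perms:
        findings.append("USE_EXACT_ALARM: app must be an alarm, clock or calendar app")

    # A VPN service is recognisable by its bind permission or intent action.
    for svc in root.iter("service"):
        actions = {a.get(ANDROID + "name") for a in svc.iter("action")}
        if (svc.get(ANDROID + "permission") == "android.permission.BIND_VPN_SERVICE"
                or "android.net.VpnService" in actions):
            findings.append("VPNService: VPN must be core functionality or a listed exception")
            break

    # Monitoring apps have to carry the metadata flag named in the policy.
    meta = {m.get(ANDROID + "name") for m in root.iter("meta-data")}
    if is_monitoring_app and "IsMonitoringTool" not in meta:
        findings.append("IsMonitoringTool: metadata flag not declared")
    return findings
```

The findings are prompts for a human review against the policy text, since the manifest alone cannot show whether VPN is an app's core functionality.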

Finally, applications must now respect FLAG_SECURE. Applications also should not facilitate or create workarounds to circumvent FLAG_SECURE settings in other applications. FLAG_SECURE is what prevents certain content from appearing in screenshots or on untrusted screens. Apps that qualify as an accessibility tool are exempt from this requirement, as long as they don’t transmit, save, or cache any FLAG_SECURE protected content for access outside of the user’s device.

Google cracks down on dodgy apps

It’s great to see Google cracking down on dodgy apps and restricting the capabilities of stalkerware and the like. However, there will obviously also be normal apps caught in the crossfire, as there usually are when changes like these come into play. For example, will DuckDuckGo now be in trouble, because the app has a VPN that can kill ads across the entire device?

Deceptive apps come in all shapes and sizes, and it’s difficult to selectively implement policies that don’t also affect perfectly reasonable apps. We’ll be sure to keep an eye out and see if more changes may be on the horizon for some of our favorite apps!

Source: Google

Via: Mishaal Rahman