At the end of February, Google’s new Play Developer Policy will come into force, and in May, the EU’s General Data Protection Regulation will also become active. This means app developers must prepare their apps ready to meet these new regulations, all built around tighter security and giving people more control over personal data.
However, SafeDK is warning that a high percentage of apps may not be ready for either Google’s changes, or the GDPR.
It explains why this is a concern:
“Not only do these data collection requirements apply to all functions of the app, they also apply to any 3rd party SDKs that may be integrated within it. This is because, under the new regulations, app owners and publishers are liable for any personal data misconduct related to their product, even if they do not really own the code responsible for it.”
Using data from August 2017, SafeDK shows that 67% of apps have an SDK that accesses user data. This includes 52% using location, 40% examining other installed apps, and 28% requiring a list of contacts. Account data, calendar details, and microphone access all hover around 9%.
“App publishers need to learn what information their SDKs are collecting and how they can modify current practices to comply with the new requirements in a very short period of time.”