App Personal Information

Google Search App: Personal Information in Android

In December 2012, Google Inc. (“Google”) released an update for the Google Search App (the “App”) on the Android operating system. This update asked users to grant the App a number of “permissions,” which had to be accepted in order to use the updated app.

About the App

Based on Google’s submissions and information, the App allows the user to perform three main functions:

  • searching,
  • controlling the device using voice commands, and
  • using a service called “Google Now”, which is described below.

The search functionality of the App allows the user to search the web using the Google search engine, or to search his or her device. Searches are performed by entering text into a ‘search bar’ on the homescreen of the device or within the App, or by pressing the microphone icon on the search bar and speaking the desired search term(s). If “hotword detection” is enabled, the user can also initiate a voice search by speaking “OK Google” while the App is open.

These searches can be personalized based on the individual’s current location. For instance, a search for “movies” might return movie listings in the individual’s current city.

The second functionality allows users to control the device using voice commands. This is done by pressing the microphone icon on the homescreen or within the App, or stating “OK Google” while in the App (if hotword detection is enabled) and speaking a voice command. “Voice Actions” that can be initiated using voice commands include opening apps, creating calendar events, composing and sending text messages or emails, getting directions to a location, etc.

The third functionality associated with the App is Google Now. Google Now is a notification service that actively informs users of relevant information such as upcoming appointments, travel arrangements, news, etc. To do this, it uses “contextual data from [the user’s] device and from other Google products, plus data from third-party products that [the user allows] Google Now to access.” This information can include current location and location history, searches saved in the user’s web history across devices, and/or information from synced calendars or Gmail, along with many other sources of information. This information is continually monitored and used to deliver Google Now “Cards,” which contain information that Google Now determines may be of interest to the user at a particular point in time.

Permissions

Google asserted that the complainant’s agreement to the App’s permissions was not, by itself, equivalent to his consenting to the collection, use or disclosure of his personal information. Google explained that the Android permissions system is a transparency mechanism intended to provide users with information about an app’s capabilities, not its actual functionalities. More specifically, each permission represents a type of data and/or function to which an app will have access for the purposes of its operation. A standard description for each permission explains what the permission means and how it could be used by the app – not how it will actually be used by the app. In particular, according to Google, the description provides a warning to users, identifying certain harmful ways that the permission could be used by a malicious app. Google further explained that the permissions system is not intended to replace communications to users about how it will use permission-related capabilities.

According to Google’s online documentation, “A central design point of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user.” Instead of allowing default access, the developer of each Android application is required to declare, in the app’s “App Manifest,” which “permissions” for additional capabilities (access to information on the device, device features, etc.) are required by the application.

The permissions requested by each app are articulated to the user, who is then given the opportunity to accept those permissions or decline to install the application. Apps are unable to access or use any feature or data element protected by a permission not specified in their manifest at the time of installation. Google states that this model provides a “very high level of visibility into the technical capabilities of [an app] … which surpasses the level of transparency of other operating systems.”
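The install-time model described above can be audited from the manifest itself. The following is an added example, not code from Google or from the original page: it parses a constructed `AndroidManifest.xml` for a hypothetical app (`com.example.voicesearch`) and compares the declared permissions with a constructed set of capabilities the app is assumed to exercise, separating what the platform would refuse from what is granted but unused.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by AndroidManifest.xml (android:name etc.).
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest for a hypothetical app (not the Google Search App's).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.voicesearch">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission/>
  <application android:label="Voice Search"/>
</manifest>
"""

# Constructed set of capabilities the app's code is assumed to exercise.
SAMPLE_USED = {
    "android.permission.INTERNET",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CONTACTS",
}


def declared_permissions(manifest_xml):
    """Return the set of permission names declared with <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for elem in root.iter("uses-permission"):
        name = elem.get(ANDROID_NS + "name")
        if name:  # skip malformed entries with no android:name
            names.add(name.strip())
    return names


def audit(manifest_xml, used):
    """Compare declared capabilities with those actually exercised."""
    declared = declared_permissions(manifest_xml)
    return {
        # Not in the manifest: the platform refuses access (default deny).
        "denied": sorted(used - declared),
        # Granted at install but never exercised: capability, not function.
        "declared_unused": sorted(declared - used),
        "declared_used": sorted(declared & used),
    }


if __name__ == "__main__":
    for bucket, names in audit(SAMPLE_MANIFEST, SAMPLE_USED).items():
        print(bucket, names)
```

The `declared_unused` bucket is the gap the page is concerned with: a permission the user accepted that says nothing about whether, or how, the app uses it.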

Google asserts in its representations that “permissions are not ‘consent’ per se.” It explained that, “[t]he permissions granted under the Android security model are simply to enable capabilities, which does not necessary [sic] speak to how those capabilities can be used and whether they even will be used. They do not replace later communications to the user about how and when those capabilities will be used, or other functionality of the application in question.

… [Permissions] do not necessarily equate with functions that the application will use without further notice to the user.”

The Google Search App

Google also outlined what information was actually collected by the App, via the capabilities associated with required permissions, as well as the purposes for which such information was collected. More specifically, Google stated that the App supports several functions, necessitating the broad range of capabilities tied to the permissions requested by the App. These functions include providing: an interface for the Google search engine; voice-based control of the device; and, “Google Now” – a notification service that actively informs users of relevant information such as upcoming appointments, travel arrangements, news, etc. Google explains its collection and use of personal information for the purposes of these functions through: the App’s description in the Google Play marketplace and on Google’s webpage about the App; the App’s permissions; the App’s in-app notices; and the Google privacy policy.

Changes

While presenting permissions up-front serves an important role in both security and transparency, there were concerns that the way in which permissions are presented could lead to user confusion. For instance, users may mistakenly believe that by accepting permissions, they are consenting to the collection, use or disclosure of certain information. As a result they may be less likely to seek out, or pay attention to, other privacy communications presented by an app.

Later, Google implemented certain changes to clarify the permissions system, including the creation of a plain-language explanation of the system, which is accessible via a link within the ‘permissions details’ section of apps’ Google Play Store listings.

According to some authorities (such as the Canadian authorities), Google should provide greater clarity to individuals by supplementing its organization-wide privacy policy with context-specific information regarding the privacy practices of its individual services (like the Google Search App).

Privacy policy

Generally, information about Google’s information handling practices can be found in Google’s unified privacy policy, to which the App is subject. A link to this policy is provided on the App’s Google Play Store listing, during the Google Now opt-in process, and in the App’s “Settings” menu, under “Accounts & privacy.”
This policy states in part, in relation to how Google uses information collected:

“We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads.”

