The app landscape is constantly changing and with it, app market owners must adapt their policies to keep up. Google today announced a ton of Google Play Store policies that will come into effect in the coming months, ranging from minor to quite significant. Some changes will only really be noticed by developers, but some, like subscription cancellations, should hopefully be immediately apparent to users.
If you have an app that may violate any of these policies, Google says that beginning July 27, 2022, all new and existing apps will have a grace period of at least 30 days (unless otherwise noted) to comply with the following changes.
Changes to Google Play Store Policy
Restricting the USE_EXACT_ALARM permission (effective July 31, 2022)
The first policy change to take effect will affect developers targeting API level 32 or Android 13. Google has released the
USE_EXACT_ALARM permission with Android 13 beta 2. For the app to be approved for distribution on the Google Play Store, it must meet the following criteria.
- Your app is alarm app or clock app.
- Your app is a calendar app that shows notifications for upcoming events.
Google previously stated that this policy change would take place when it announced the USE_EXACT_ALARM permission.
Restriction of Health Misinformation and Impersonation (effective August 31, 2022)
The first policy change to take effect and affect all users will limit the spread of health disinformation and prevent impersonation. What is considered a health information violation is the following:
- Misleading claims about vaccines, such as that vaccines can alter a person’s DNA.
- Advocating harmful, unapproved treatments.
- Advocating other harmful health practices, such as conversion therapy.
With regard to impersonation, the following is considered a violation of the new impersonation policy:
- Developers who falsely imply a relationship with another company/developer/entity/organization.
- Apps whose icons and titles falsely imply a relationship with another company/developer/entity/organization.
- App titles and icons so similar to existing products or services as to mislead users.
- Apps that falsely claim to be the official app of an established entity. Titles like “Justin Bieber Official” are not allowed without the necessary permissions or rights.
- Apps that violate the Android brand guidelines.
Better interstitial ads and easier subscription cancellations (starting September 30, 2022)
Have you ever had to deal with an interstitial ad that seemed to come out of nowhere, or hang around for way too long? Google is now restricting how developers can use them in their apps to improve the user experience. Google says developers should not show ads to users in the following unexpected ways.
- Full screen interstitial ads of all formats (video, GIF, static, etc.) that appear unexpectedly, usually when the user has chosen to do something else, are not allowed.
- Ads appearing during gameplay at the beginning of a level or at the beginning of a content segment are not allowed.
- Full screen video interstitial ads that appear before an app’s loading screen (splash screen) are not allowed.
- Full screen interstitial ads of all formats that cannot be closed after 15 seconds are not allowed. Opt-in full-screen interstitials or full-screen interstitials that don’t interrupt users’ actions (for example, after the score screen in a game app) can last longer than 15 seconds.
As for making subscriptions easier to cancel, it should now be easy for a user to cancel their subscription. It should be visible in the app’s account settings (or equivalent page) by including the following:
- A link to the Google Play Subscription Center (for apps that use Google Play’s billing system); and/or
- direct access to your cancellation process.
Restrictions on stalkerware, apps that use VPNService and apps must respect FLAG_SECURE
Apps that can be used to track people will always be controversial, but some believe they can act as an effective parenting tool. Others may want to use them so that their family members can keep an eye on them while they are away, especially in cases where they are in a dangerous or unsafe location. However, these tools are often misused and Google is introducing some changes to reduce that. A metadata flag of “IsMonitoringTool” must also be declared and monitoring apps must also adhere to the following:
- Apps should not present themselves as spying or covert surveillance solutions.
- Apps should not hide or obscure tracking behavior or attempt to mislead users about such functionality.
- Apps must provide users with a permanent notification at all times when the app is running and a unique icon that clearly identifies the app.
- Apps must disclose monitoring or tracking functionality in the Google Play Store description.
- Apps and app listings on Google Play may not provide means to activate or access functionality that violates these Terms, such as linking to a non-compliant APK hosted outside of Google Play.
- Apps must comply with all applicable laws. You are solely responsible for determining the legality of your app in the targeted locale.
In the case of apps that use VPNService, Google cracked down on ad-blocking apps on the Play Store long ago, including apps that used VPNService to essentially filter out ad servers only. Now, the company says that only apps that use the VPNService and have VPN as their core functionality can create a secure device-level tunnel to a remote server. However, there are exceptions, including:
- Parental control and business management apps.
- Track app usage.
- Device security apps (e.g. antivirus, mobile device management, firewall).
- Network related tools (e.g. remote access).
- Web browsing apps.
- Carrier apps that require the use of VPN functionality to provide telephony or connectivity services.
The use of VPNService should not be used to do the following:
- Collect personal and sensitive user data without apparent disclosure and consent.
- Redirecting or manipulating user traffic from other apps on a monetization device (for example, redirecting ad traffic through a country other than the user’s country).
- Manipulate ads that may affect the monetization of apps.
Finally, apps must now respect FLAG_SECURE. Apps should also not facilitate or create workarounds to bypass the FLAG_SECURE settings in other apps. FLAG_SECURE is what prevents certain content from being displayed in screenshots or on untrusted screens. Apps that qualify as accessibility tools are exempt from this requirement, as long as they do not send, store, or cache FLAG_SECURE protected content for access outside the user’s device.
Google tackles unreliable apps
It’s great to see Google cracking down on questionable apps and limiting the capabilities of stalkerware and the like. However, it’s clear that there will also be normal apps in the crossfire, and in general there will always be changes like this coming into play. For example, will DuckDuckGo get into trouble now, because the app has a VPN that can kill ads across the entire device?
Deceptive apps come in all shapes and sizes, and it’s hard to implement selective policies that don’t affect perfectly reasonable apps too. We’ll be sure to keep an eye out for other changes ahead for some of our favorite apps!
Through: Mishal Rahman