Third-party developers on Google Play, the app market for Android devices, receive the personal details of anyone who buys their apps, potentially violating the terms of a 2011 privacy settlement.


Australian developer Dan Nolan revealed on his blog Tuesday that he received the name, suburb and email address of every person who purchased his app on Google Play. The purchasers of the app, however, were not notified that their personal information was being sent to a third-party.

"Let me make this crystal clear, every App purchase you make on Google Play gives the developer your name, suburb and email address with no indication that this information is actually being transferred," Nolan wrote. "Under no circumstances should I be able to get the information of the people who are buying my apps unless they opt into it and it’s made crystal clear to them that I’m getting this information."

Sebastian Holst of The Mobile Yogi confirmed to Raw Story that Google Play shared some information not shared by Apple, Microsoft or Amazon, including the first name, last name, zip code or postal code, and email address of the purchaser.

Privacy watchdogs warned the undisclosed sharing of personal information with third-parties could run afoul of the terms of a consent order Google reached with the Federal Trade Commission in 2011. That order stated Google would "not misrepresent in any manner" why it collects and uses personal information, including an individual's name, home address, email address, IP address or telephone number.

Google Play's terms of service only notes that users "may be required to provide information about yourself such as your name, address, and billing details" to "access certain services." The terms of service does not state that a user's personal information can be sent to third-parties. Google's privacy policy states the company does "not share personal information with companies, organizations and individuals outside of Google" without the user's consent, with a few limited exceptions.

Unlike the Apple iTunes Store, Google Play treats the developer the merchant on record, Mashable explained. Those who buy an app from Google Play are purchasing directly from the developer, and the user's personal information is sent "ostensibly for billing and taxing purposes." Apple acts as the sole merchant on record for its app store and as a result third-party developers never see their customers' personal information.

Last year, Google was accused of violating the consent order by placing tracking "cookies" on the computers of Safari users, despite telling those same users they would be automatically opted-out of such tracking. Google agreed to pay a record $22.5 million to the FTC.