The app landscape is always changing, and with it, app market owners have to adapt their policies to keep up. Google has announced a ton of Google Play Store policies today that will be enacted over the coming months, ranging from minor to quite significant. Some changes will only really be noticed by developers, but some, like subscription cancellations, should hopefully be immediately apparent to users.

If you have an app that may be in violation of any of these policies, Google says that all new and existing apps will receive a grace period of at least 30 days from July 27, 2022 (unless otherwise stated) to comply with the following changes.

Google Play Store policy changes

Restricting the USE_EXACT_ALARM permission (effective 31st July, 2022)

The first policy change that will come into effect will affect developers targeting API level 32, or Android 13. Google inotroduced the USE_EXACT_ALARM permission with Android 13 beta 2. For the app to be approved for distribution on the Google Play Store, it must meet the following criteria.

  • Your app is an alarm app or a clock app.
  • Your app is a calendar app that shows notifications for upcoming events.

Google previously stated that this policy change would come when it announced the USE_EXACT_ALARM permission.

Limiting health misinformation and impersonation (effective 31st August, 2022)

The first policy change that will come into effect and affect all users will limit the spread of health misinformation and will aim to prevent impersonation. What's considered a health misinformation violation is the following:

  • Misleading claims about vaccines, such as that vaccines can alter one’s DNA.
  • Advocacy of harmful, unapproved treatments.
  • Advocacy of other harmful health practices, such as conversion therapy.

As for impersonation, the following is considered a violation of the new impersonation policy:

  • Developers that falsely imply a relationship to another company/developer/entity/organization.
  • Apps whose icons and titles are falsely implying a relationship with another company/developer/entity/organization.
  • App titles and icons that are so similar to those of existing products or services that users may be misled.
  • Apps that falsely claim to be the official app of an established entity. Titles like “Justin Bieber Official” are not allowed without the necessary permissions or rights.
  • Apps that violate the Android Brand Guidelines.
google examples of impersonation

Better interstitial advertisements and easier subscription cancellation (effective September 30th, 2022)

Have you ever had to deal with an interstitial advertisement that seemed out of nowhere, or stuck around for far too long? Google is now limiting how developers can use them in their apps in order to improve the user experience. Google says that developers may not show advertisements in the following unexpected ways to users.

  • Full-screen interstitial ads of all formats (video, GIF, static, etc.) that show unexpectedly, typically when the user has chosen to do something else, are not allowed.
    • Ads that appear during gameplay at the beginning of a level or during the beginning of a content segment are not allowed.
    • Full-screen video interstitial ads that appear before an app’s loading screen (splash screen) are not allowed.
  • Full-screen interstitial ads of all formats that are not closeable after 15 seconds are not allowed. Opt-in full-screen interstitials or full-screen interstitials that do not interrupt users in their actions (for example, after the score screen in a game app) may persist more than 15 seconds.

As for the easier cancellation of subscriptions, it must now be easy for a user to cancel their subscription. It must be visible in the app's account settings (or the equivalent page) by including the following:

  • A link to Google Play’s Subscription Center (for apps that use Google Play’s billing system); and/or
  • direct access to your cancellation process.

Restrictions to stalkerware, apps that use VPNService, and apps must respect FLAG_SECURE

Apps that can be used to track people are always going to be controversial, but some believe that they may act as an effective parenting tool. Others may wish to use them so that their family members can keep tabs on them while they're out, particularly in cases where they may be in a dangerous or unsafe location. However, these tools are often rife for abuse, and Google is introducing some changes to help reduce that. A metadata flag of "IsMonitoringTool" must also be declared, and monitoring apps must also abide by the following:

  • Apps must not present themselves as a spying or secret surveillance solution.
  • Apps must not hide or cloak tracking behavior or attempt to mislead users about such functionality.
  • Apps must present users with a persistent notification at all times when the app is running and a unique icon that clearly identifies the app.
  • Apps must disclose monitoring or tracking functionality in the Google Play store description.
  • Apps and app listings on Google Play must not provide any means to activate or access functionality that violate these terms, such as linking to a non-compliant APK hosted outside Google Play.
  • Apps must comply with any applicable laws. You are solely responsible for determining the legality of your app in its targeted locale.

In the case of apps that make use of VPNService, a long time ago Google cracked down on ad-blocking apps on the Play Store, including those that made use of VPNService to essentially filter out advertising servers only. Now the company is saying that only apps that use the VPNService and have VPN as their core functionality can create a secure device-level tunnel to a remote server. There are exceptions though, and those include:

  • Parental control and enterprise management apps.
  • App usage tracking.
  • Device security apps (for example, anti-virus, mobile device management, firewall).
  • Network-related tools (for example, remote access).
  • Web browsing apps.
  • Carrier apps that require the use of VPN functionality to provide telephony or connectivity services.

Usage of VPNService must not be used to do the following:

  • Collect personal and sensitive user data without prominent disclosure and consent.
  • Redirect or manipulate user traffic from other apps on a device for monetization purposes (for example, redirecting ads traffic through a country different than that of the user).
  • Manipulate ads that can impact app monetization.

Finally, apps must now respect FLAG_SECURE. Apps must not facilitate or create workarounds to bypass the FLAG_SECURE settings in other apps, either. FLAG_SECURE is what prevents some content from showing up in screenshots or on untrusted displays. Apps that qualify as an Accessibility Tool are exempt from this requirement, as long as they do not transmit, save, or cache FLAG_SECURE protected content for access outside of the user's device.

Google cracks down on dodgy apps

It's great to see Google cracking down on dodgy apps, and restricting the capabilities of stalkerware and the like. However, there are obviously going to be normal apps caught in the crossfire too, and there generally always will be when changes like these come into play. For example, will DuckDuckGo now be in trouble, as the app has a VPN that can kill advertisements device-wide?

Deceptive apps come in all shapes and sizes, and it's hard to selectively implement policies that don't affect perfectly reasonable apps, too. We'll be sure to keep a look out and see if any other changes may be on the horizon for some of our favorite apps!


Source: Google

Via: Mishaal Rahman