Google is publishing the home addresses of developers without their consent
ebenezerdon
5 days ago
127
78
I am currently being denied the right to delete my Google Play developer account and remove personal data attached to it.

This includes my residential address, which is now publicly visible.

I’ve requested removal multiple times. Google has refused.

I didn’t agree to have it published. I asked them to remove it. They said no.

I asked them to delete my app. They said no.

I asked them to close my account. They said no.

This is a massive violation of privacy and it puts real people in danger.

Please share your thoughts on what to do next.

_rm 5 days ago
Where are you resident?
ebenezerdon _rm 5 days ago
I'm in the UK. But I've seen developers from all around having the same issue. (See Reddit)

My app is a free app, and their policy (which I don't agree with) states that private home addresses will only be shown for monetised apps.

To my surprise, Google published my home address for a free app. My account is new too, and address verification is a requirement for getting your developer account approved.

bell-cot ebenezerdon 5 days ago
Sounds like it's a matter of UK law then. At a time when neither the US, nor its tech giants, are particularly popular at 10 Downing St. Nor in the UK generally.

And like you've a fair bit of company, to make common cause - whether paying solicitors, or raising a ruckus.

kassner bell-cot 5 days ago
I’m going through the process of listing in the Play Store just now and I’m having the same issues in the EU.
pjc50 ebenezerdon 5 days ago
The official channel to complain about this is the Information Commissioner's Office (ICO). https://ico.org.uk/

I'm not expecting it to be speedy or effective. Another channel is writing a formal letter requesting your GDPR rights to deletion on paper, to the UK business address https://find-and-update.company-information.service.gov.uk/company/03977902

We all know that online support is a waste of time. In some ways, HN is one of the actually effective support channels.

hyperpape pjc50 5 days ago
You may wish to contact compliance and inform them that they are violating legal requirements in the UK (assuming that this is, y'know...true). Without blustering or yelling (getting angry makes you look less credible), simply state the government agency that accepts complaints, and state that you will file a complaint if the matter is not resolved. If there are laws that mandate how fast Google is required to resolve the issue, it is worth mentioning them.

In general, support has the incentive of making tickets go away. Compliance has the incentive of making sure the company doesn't run afoul of regulators. Compliance is also much much more powerful at an organizational level.

ebenezerdon hyperpape 5 days ago
I've contacted them and they've left my last email without response, and have chosen to ignore all my requests to take down my private information.
ebenezerdon pjc50 5 days ago
Thank you for this. I'm going to do so now.
stefs pjc50 5 days ago
> Another channel is writing a formal letter requesting your GDPR rights to deletion on paper

GDPR is EU, UK is not. How does this work? Surely the UK didn't adopt the GDPR voluntarily?

robertlagrant stefs 5 days ago
The UK incorporated GDPR into our local laws as GDPR UK[0] and the DPA[1]. I don't know whether the punitive measures still hold up though.

[0] https://www.legislation.gov.uk/eur/2016/679/contents

[1] https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted

gbuk2013 pjc50 5 days ago
From my anecdotal experience of 1 attempt of writing to the ICO it was 100% effective: several months later I received a polite response with a history of communication between ICO and the organisation I complained about, where the latter had to justify what they were doing. This was a sports organisation that originally announced that they would be putting DOB of the athletes on their public profiles, but ultimately was just the age (because there are age bands in competitions) maybe as a result of my complaint - who knows?
ajb ebenezerdon 5 days ago
The best guide for dealing with obstructive bureaucracies is patio11's: https://www.kalzumeus.com/2017/09/09/identity-theft-credit-reports/

That's specific to credit theft, but a great many of the principles apply to many situations:

- Approach via the legal dept, since their objective is to remove risk, rather than close tickets.

- Know your rights under the law

- Act like a relentless professional, not an angry amateur.

But read the article, it's worth it

_rm ajb 2 days ago
This, just calmly explain to them your awareness of the asymmetrical costs you can inflict on them (which GDPR etc were specifically designed to create) and what you'll be doing next on what date. And then make sure you do it.

I've found quoting exact provisions of statutes to be very effective (just be careful to be right).

rustc 5 days ago
> I asked them to delete my app. They said no.

Does the Play Store not allow deleting apps? What reason did they give?

ebenezerdon rustc 5 days ago
They said my app already has install stats and therefore cannot be deleted.
pjc50 ebenezerdon 5 days ago
I'm wondering if the evil solution is to update the app in such a way that it no longer complies with the rules and get yourself banned from the app store. Although that has other risks to your other google accounts.
zenNeko pjc50 5 days ago
Doesn't have to be evil, dropping support for newer androids (9.0 and up) is an easy way to get apps delisted.
ArgException pjc50 5 days ago
That will only cause the update to be rejected, leaving it on the normal version. But maybe you could make it non-compliant by changing server-side content without an app update.
rustc ebenezerdon 5 days ago
So if I release an app on the Play Store I have to support it forever? That sounds unreasonable.
IAmBroom rustc 5 days ago
No, there is no requirement to support the software, at least according to what we've heard here. Simply that you can't remove your current rev from the store - you can't prevent people from downloading it.
jsnell IAmBroom 5 days ago
That's a bit misleading. You can unpublish the app[0], which hides it in the Play Store and prevents new installs. It just doesn't remove the app from the people who already have the app installed, and I think they'll be able to install it on new phones.

I don't know why the OP is choosing not to unpublish the app.

[0] https://support.google.com/googleplay/android-developer/answer/9859350?hl=en

multimoon jsnell 5 days ago
Unpublishing the app doesn’t remove you from having to comply with address requirement.
jsnell multimoon 5 days ago
Yes, but it would mitigate the issue almost completely since the app (and thus the address) would not be discoverable by new users.
seba_dos1 ebenezerdon 4 days ago
...and yet it was enough not to verify my account (which I didn't do because it included consenting to my address being shown) to get it removed with all its apps.
boyka 5 days ago
I'd say lawyer up, but then this is Goliath...
ebenezerdon boyka 5 days ago
Yeah, it feels like Goliath. But at the very least, I can try to get my voice heard.

I'll explore all options available to me.

sam_lowry_ ebenezerdon 5 days ago
I do not know where you live and why you think that Google is wrong publishing your personal address but I can share my own story from Western Europe.

I managed an online community for tens of thousands of people for 18 years. The domain was registered to a fake address, but once I started accepting ads, I had to register a business and list my home address in the public records.

I dealt with hundreds of advertisers, and the most obvious risk was that an adversary contacts me to publish an ad, gets my company details, checks online for company address and comes ripping my heart off.

Over these years, I received multiple online threats from various people... but none have ever shown up at my doorstep.

I still wonder why.

Did the users I blocked and banned never really feel offended because I tried to be professional and predictable in all circumstances?

Or was it just because finding my personal address required a bit of ingenuity which the most egregious perpetrators simply lacked?

P.S. And no, this was not a gaming community nor anime lovers forum, but a place where immigrants turned in for help.

P.P.S. Before downvoting... think again about the responsibility you take on when people pay you money in return for your service.

charles_f sam_lowry_ 5 days ago
> think again about the responsibility you take on when people pay you money in return for your service.

OP mentioned their app is free

sam_lowry_ charles_f 5 days ago
I just Googled and it looks like even if the app is free, but the account has been set to monetized at least once in the past, the address is displayed.

Back to my story... my online community was also free to join. This does not change much.

Once you start interacting with the world, expect the world to interact with you.

buyucu 5 days ago
Google does this kind of nonsense all the time. That is why everyone is screaming their lungs out that we need to help and support alternative app-stores like F-Droid.

Your best bet is the privacy watchdog in your country.

ebenezerdon buyucu 5 days ago
It's disheartening. I've tried reaching out on several platforms, but they've completely ignored me.

I'll be exploring the privacy watchdog, as you've advised.

scarface_74 buyucu 5 days ago
This is not “Google nonsense”. It’s the law in the EU. Apple has to do the same thing.

https://www.macrumors.com/2024/10/17/developers-eu-app-store-trader-requirements/

kassner scarface_74 5 days ago
This is only applicable if you are making money with your App (either paid or IAP). Free apps don’t have that requirement on Apple’s store.
f4c39012 scarface_74 5 days ago
^This. If you are a trader under the Digital Services Act then your address, email and phone number is published. From https://eur-lex.europa.eu/eli/dir/2005/29/oj: ‘trader’ means any natural or legal person who, in commercial practices covered by this Directive, is acting for purposes relating to his trade, business, craft or profession and anyone acting in the name of or on behalf of a trader;

IANAL

buyucu scarface_74 5 days ago
OP is not from the EU. He said elsewhere in the thread that he's from UK.
Aloisius buyucu 4 days ago
Doesn't matter where they live. If the app is made available for EU users, it has to comply if they're a "trader" (they've monetized an app in any way at any time or set their account to do so ever).
Sytten 5 days ago
There's an interesting debate about whether a home address being public record is a privacy problem. In Canada the government forces business directors/owners to have their address public for transparency. I find that kinda stupid but I do understand the idea behind it and this did shift my threat model when I had to enter it.
pjc50 Sytten 5 days ago
Almost all countries do this, because accountability is a necessary tradeoff for the huge benefits of limited liability.

(The UK has basically one exception, for Huntingdon Life Sciences, after their directors were subject to an extremely intense harassment campaign by animal rights activists)

kevincox pjc50 5 days ago
Yes, but if you want to hold someone accountable you should take them to court where it can be fairly decided, not show up at their home address.
pclmulqdq kevincox 5 days ago
You need their address to have a reliable way to take them to court.
bn-l pclmulqdq 5 days ago
You can ask the government.
pclmulqdq bn-l 5 days ago
I can imagine nothing wrong with having the government gatekeep access to the ability to sue corporations.
LadyCailin pclmulqdq 5 days ago
They.. already do? Who do you think “the judiciary” is?
pclmulqdq LadyCailin 5 days ago
The referee, not the ticket counter.
kevincox pclmulqdq 5 days ago
Yes, this sounds like the root cause. Maybe we should have a way to take someone to court that doesn't rely on knowing their address (and ideally is more stable over time than an address, and less ambiguous if there are multiple people with the same name at the same address).
Kon-Peki kevincox 5 days ago
Hard to know if you are joking or serious.

https://en.m.wikipedia.org/wiki/Registered_agent

pclmulqdq Kon-Peki 5 days ago
Yep, there are services whose whole job is "accept mail when someone is suing you" so that you can hide your address.
andrewaylett pjc50 5 days ago
You need to put a correspondence address, but it doesn't need to be a home address — most reasonably-sized companies will allow directors to use the company address, or the address of their law firm, instead. That doesn't work so well for companies that run out of the directors' homes, of course.

You can see the correspondence addresses for the former directors of Huntingdon Life Sciences in their record at Companies House: https://find-and-update.company-information.service.gov.uk/company/03126711

kevincox Sytten 5 days ago
IIUC part of the reason is so that you can sue people. You need to know their address to serve them papers. IIUC this is part of the reason why anyone is allowed to snail-mail you and we don't have spam laws for physical mail like we do for email, phone, ...

It seems pretty antiquated though and can be putting people at risk. Maybe there should be some form of indirection here where the government can be responsible for notifying you in cases like this and you can indicate who you are suing based on either the business or some sort of more opaque identifier.

Not to mention that an address is a bad identifier as it is not unique, becomes invalid/more confusing over time among other reasons.

jjmarr kevincox 5 days ago
That's what a PO box is for.
ArgException jjmarr 5 days ago
Yeah, except Google doesn't allow using a PO box.
Silhouette Sytten 5 days ago
The UK seems to be heading in roughly the opposite direction. If I've understood the plans correctly then more individuals with significant connections to companies will have to formally prove their identities to the regulators as part of company registration but fewer personal details will then be published online. This seems a much better approach to me - rogue traders and the like can be more easily disrupted but company officials aren't having their personal privacy compromised in ways that could potentially endanger them or their families if that one crazy customer decides to do something inappropriate.
zajio1am Sytten 5 days ago
Here in Czechia, not only are the addresses of corporate legal representatives or sole proprietors in a public registry, but the addresses of real property owners are also in the public cadastre.

It seems funny to me that the government considers this information as privacy-sensitive while also publishing it for the majority of the population (homeowners).

lostmsu zajio1am 5 days ago
It is the same in many US states.
sunsetonsaturn 5 days ago
If you're in the EU:

Leverage the GDPR and contact Google's DPO (Data Protection Officer) to inform them about the problem. If the problem is not solved or there is no reaction, lodge a complaint with the DPA (Data Protection Authority).

ivan_gammel sunsetonsaturn 5 days ago
Probably won’t work, since there’s a legitimate interest of app users in having this information accessible. However, at least in Germany a private person can have a legal address different from their home address: you can buy this service from a number of providers and all legal correspondence will be delivered to you without interference with your privacy.
scarface_74 sunsetonsaturn 5 days ago
There is a slight problem with that. It’s actually the law in the EU that your address has to be displayed

https://www.macrumors.com/2024/10/17/developers-eu-app-store-trader-requirements/

driverdan 5 days ago
Change the address on your account. You can't delete a published app but you can archive and delist it.
kassner driverdan 5 days ago
You are required to send proof for the address, meaning you can only change to another place that you can claim your own.

In Sweden, we have a public registry for personal addresses, and that’s the only one Google accepts.

ChoGGi kassner 5 days ago
Get a PO box, change your Google address, cancel the PO box?

Edit: Never mind, seems like they don't allow them.

zajio1am 5 days ago
How exactly does Google Play work for monetised apps from a legal point of view? Are they the ones who provide a paid licence for an app to the consumer (reseller), or are they just a marketplace intermediary, where the transaction is between the app provider and the consumer?

But in both cases, seems to me that at least for monetised apps, providing identifying information is important for consumer protection and therefore they have legitimate reason to do this.

madeofpalk zajio1am 5 days ago
Apple's App Store is the merchant of record. They do the selling and gathering of sales taxes around the world, etc. I would presume Google Play works the same.
mystified5016 5 days ago
Contact a lawyer and have them send a cease and desist. Shouldn't cost a lot.

Just engaging Google's legal machinery is probably the only way to get their attention.

cmurf 5 days ago
Get a PO box. Either USPS or UPS address. Change address. Get the cheapest in your area, especially if you won't actually use it for deliveries. This is a deductible office expense for the business.

You don't need a DBA (doing business as) registered with the state for this, but it helps build a business narrative for the IRS and business purposes. And then you can use it in lieu of your name.

ebenezerdon cmurf 5 days ago
Thanks for this. To my knowledge, the current policy doesn't allow a PO box. But I'll explore what you've mentioned.

Although I've now lost interest in publishing on the play store.

jadamson ebenezerdon 5 days ago
In the UK you might be able to use a "virtual office" address instead, although this will cost money.

https://www.reddit.com/r/ContractorUK/comments/1gka8lq/virtual_business_address_in_uk/

cmurf ebenezerdon 5 days ago
Non-USPS mail services use physical addresses. The post office delivers all the mail there, and it's the responsibility of the private party to sort.

Therefore you can list the "box" as a "unit" number, or "ste" (suite) or "apt" (apartment). Ask the 3rd party service prior to contracting.

I had such a service in NYC (they're common, lotsa businesses love having a Suite address on 5th Ave, or whatever).

I'd test it before committing to a long term contract though.

5555624 ebenezerdon 5 days ago
Check with your Post Office. My USPS Post Office Box actually has a street address I can use, as well. They started this about four or five years ago. It's the street address of the Post Office, with the box number added like an apartment number. (Interestingly, the Zip+four is different.)
AdmiralAsshat 5 days ago
It was a couple years ago I believe that Google started requiring developers to provide a home address. This was the obvious conclusion of that.
benterix 5 days ago
It was a total deal breaker to me so I registered my company in a virtual office, I pay ca. $10/month for that but at least my home address is not floating around the internet.
yread 5 days ago
Where can you see the address for a Play developer account?
ArgException yread 5 days ago
On the app details screen, scroll down past reviews to the "App support" section, and the address is under "About the developer".

This only shows in the Google Play app, not on the website.

multimoon 5 days ago
This is exactly why when Google began requiring home addresses I just let them kill my account and refused to provide the info. It was not a dealbreaker to me anyway, I had long since moved to iOS as a developer.
ankitml 5 days ago
Amazon did that to a physical product my wife is selling. I was very annoyed. But it ended up being a configuration, but the default being the `show address` state is definitely annoying.
rkagerer 5 days ago
Some ideas:

1. Have a lawyer send them a letter. A legal firm's letterhead will get taken more seriously than an email or Contact Us, and may force them to respond in some way.

2. Spin up a corporation and have it "acquire" your product.

Use a law firm or other provider as the registered address. If that's not possible in Sweden, incorporate in a jurisdiction outside your country. (This may have an impact on how you get paid, taxes, etc. but that might not matter if you're planning to unpublish).

3. Quantify your damages (eg. cost of above, security firm to do a home assessment, mitigations like installing security cameras, etc.) and litigate.

Unfortunately it can be hard to quantify damage to privacy (check for any precedents in the applicable jurisdiction's case law), and you may have already agreed to terms that prejudice this. Be sure to keep track of any disgruntled user feedback that makes you feel even mildly threatened in any way, any increase in unsolicited mailings, etc.

4. Get a short term rental somewhere, change the address to that, never update. Or use a friend who's about to move or doesn't care (eg. change the address on one of your credit cards to theirs for a billing cycle).

This isn't nice to whoever winds up at that address next.

5. Move, and don't update them with your new address.

6. Instead of selling your old home at the poisoned address, contact your local fire department and offer it as a controlled burn site for training. Scorch the earth and never look back.

Or, somewhat less satisfyingly, donate the land to your municipality as a park. Subject to a clause it be named something like "Alphabet's Reach" in perpetuity, and commission some kind of permanent concrete art installation to forever memorialize their betrayal.

kassner rkagerer 5 days ago
All of this is a ridiculous amount of work/red tape for an app that never will make a single cent (my case).

I guess we have to read that as virtue signaling: if you aren’t here to make money, go away. Interestingly, they choose a quite stupid way to do so, when they could just straight forward charge a recurring fee like Apple does.

streptomycin 4 days ago
Shit is so dumb. I'm a solo video game dev and I don't exactly want my home address prominently displayed next to my video games. Not that I think it's likely I get swatted or something, but why even take the risk?

But Google (and D&B, who you need to also sign up for if you are a business) ban most PO boxes and other virtual mailbox/office services. I had to try a few times, but eventually I found one that they accepted.

Also the Microsoft Store does the same thing with addresses. idk about Apple, I don't publish there. Probably there is some law forcing everyone to do this.