Group items tagged

, as a replacement for passwords

Bill Gates predicted the death of passwords at a security conference in 2004.

network

Twitter

One important element of this is the security of the service itself. Although the consumer rarely suffers directly when online services are exposed, scary media stories do mean that everyone in the dot.com world has to work that bit harder to build the necessary trust.

Ben Edelman, an associate professor at Harvard Business School, says that analysis of Google's terms and conditions relating to its Google Play store and Google Wallet transaction system (used for buying apps) doesn't show any clauses where users are specifically told that their emails will be sent on to the developer. He also warns that developers could use that information to "track and harass" people who have given apps low ratings or requested refunds. And hackers – or malicious developers – could create personalised emails to send out to people to steal passwords (phishing) or install "updates" that were actually malware.

Google says it has to provide some location data about which country apps are bought in so developers can calculate the correct amount of tax to pay. But that does not explain why it passes on buyers' names and email addresses, which together with a postcode could be used to identify a person's location and address."Google's prior privacy blunders have put [it] under higher scrutiny," Edelman says, pointing to the 20-year consent order with the US Federal Trade Commission that Google signed in March 2011 in the wake of its Buzz social network fiasco – followed by a record $22.5m fine in August 2012 for hacking Apple users' browsers to install tracking cookies. It has also been fiercely criticised in Europe for its changes in March 2012 to its privacy policies, which data protection chiefs said could mean "uncontrolled" use of personal data.

Eric Butler, a freelance software developer of the Tapchat and Farebot apps, tweeted in July 2012 "I wonder if most Android users realise that when you buy an app in the Play Store the seller [of the app] can see your name, email address and phone."Following the row, he has noted on his blog that "Because the entire experience of purchasing Android apps is so sloppy, it's not unreasonable to assume that this privacy issue was actually an oversight." But, he says, "Google should follow Apple's lead and offer users and developers better privacy protection."

Another developer, Jesse Wilson, pointed out the same problem in November on Google+, and was quickly echoed by Chris Lacy, who said that "as a developer I never asked for this information, I have no need for it, and I simply do not want to be a custodian of such information."Lacy added that "As a consumer, this is distressing on many levels: there is no fair warning that this information will be transferred … trusting my personal information to Google is one thing. But with this system, users are unknowingly having to trust their information to a third party. There's no way to know what security measures that third party might have in place." He added that it meant that the app developer "has gained my personal information without requesting the appropriate permissions via the app."

Google has said that passing on the details does not breach its privacy conditions. In a quote to Siliconvalley.com, a representative told the site that "Google Wallet shares the information necessary to process a transaction, which is clearly spelled out in the Google Wallet privacy notice."