One hoop to jump through too far

[Derek Johnson]

The final impossible thing that Android is asking developers to do is to provide an online method of deleting locally stored login credentials, even if they don't have any online presence. I can't even envisage a secure way of doing that or any sane reason for doing it.

I'm giving up on this!

 

[hatzisn]

If I am in my mobile why can't I do it directly and then call the on-line method to delete on-line? Is this correct that I have read or being dizzy right now I cannot understand what you wrote? If it is correct then just create a B4J app or your prefered flavour (you name it) and return a fixed JSON:

{"success": true, "msg":"The account is successfully deleted even if it never existed. Google what do you suggest for smoking?"}

? ? ?

 

[JohnC]

The final impossible thing that Android is asking developers to do is to provide an online method of deleting locally stored login credentials, even if they don't have any online presence. I can't even envisage a secure way of doing that or any sane reason for doing it.

I'm giving up on this!

I would like to see the exact wording google used, so where can I see this new rule documented?

 

[Derek Johnson]

I would like to see the exact wording google used, so where can I see this new rule documented?

Understanding Google Play’s app-account deletion requirements - Play Console Help

Google Play’s data deletion badge and data deletion area within the Data safety section give users a new set of transparency and controls over their user data while providing developers with a way to

support.google.com

Overview​

The user data policy's account deletion requirement means that:

1. All developers must complete new data deletion questions in the Data safety form on the App content page (Policy > App content) in Play Console.
2. If your app enables account creation, you must:
   • provide users with an in-app path to delete their app accounts and associated data; and
   • provide a web link resource where users can request app account deletion and associated data deletion. You have the opportunity to show users if you delete other data too.

 

[LucaMs]

Google always helps us increase... our problems, rather than our income.

However, in this case the logic of this is probably that your user can demonstrate that they asked for their account to be deleted.

Even this, however, is not very smart, because you would manage that web space and could delete the request.

 

[JohnC]

OK, lets think this through...

It says "If your app enables account creation". Well, what is an "Account"?

If your app creates an "Account", doesn't that imply that some info related to that "Account" will be sent/stored outside of the device that the app is installed on?

Because if that is not the case, and the app's operation and related info are ONLY contained on the device, then what would be the purpose of the app having an "Account"?

So, if some info of the "Account" is being stored outside of the device, then that highly suggests it is located on a cloud server, and this google requirement is basically saying that if the user wants to delete their account, all info related to that account needs to be deleted on the device *AND* the cloud server.

The requirement also states that the user should be able to delete their account via a weblink (as an alternative to doing it from the app). This shoudn't be much of a problem because you can do something like this:

1) The user clicks a weblink to delete their account.
2) The cloud server deletes the account on it's system.
3) The cloud system would then send a push notification to the app, telling it to delete all the account info.
4) If for some reason the app/device does not receive the push notification, then the next time the app tries to log into the users account on the cloud server, the server will report that the account was deleted (because there is no longer an account on the system using the ID that the app specified), causing the app to immediately delete the account info on the device.

Basically, I can't think of why an app would have and "Account" if nothing of that app is ever stored outside of the device. So, if in fact data is stored outside of the device, then google is simply saying that the "delete account" needs to be able to be initiated not only from the device, but also by using a weblink in the event that the app was uninstalled from the device, but the account (and it's possible confidential info) still exists in the cloud.

 

[Derek Johnson]

John,

For the sake of argument let's say that the app is a type of local password manager that stores user details of multiple account names and passwords (in the case of my app to access Library accounts at multiple locations) . For security reasons it never sends the user data outside the device except as the login credentials to other services. This is definitely personal user data however and you must be able to offer the user the ability to delete it. Fair enough. Google is saying however that you must also offer the facility to delete this data via an online service, which would not need to exist except for this requirement. That is what I consider to be a step too far.

 

[JohnC]

Using your example, such an app does not actually "create an Account" for the user of the app - it simply stores password info for various "other" accounts.

So, since the google rule only applies to apps that "enables account creation", it wouldn't apply to the example app, so the weblink functionality is not required.