There may be a storm brewing in the Android developer ecosystem. Last week, a popular app called Mr. Number, the core feature of which is crowdsourced caller ID, was pulled from the Google Play Store for the second time in the last three months, following a seemingly calculated change in the platform’s content policies.
When it comes to privacy, Google almost always falls on the side of openness – at least when it comes to our personal information. From Gmail to Youtube to Google+, and beyond, Google tracks its users across the Web. Its Street View minions photograph street addresses and business signs from New York to Berlin to Cartagena, as the home office brushes off privacy concerns.
When it launched the now defunct Google Buzz in 2010, anyone with a Gmail account was added as a contact to pre-existing Gmail contacts; if you didn’t want in you had to opt out. Just last month Google agreed to a $22.5 million fine levied by the Federal Trade Commission for deploying cookies in Apple Safari browsers without users’ permission, despite promising the FTC it would not. The fine itself was a pittance for a company that earns more than $10 billion per year, but the symbolic deterrent looms larger.
So you can imagine how surprised the makers of Mr. Number were when they learned that Google had targeted them for, in essence, toeing the line of violating users’ privacy. Pot, meet kettle.
This is no newbie app with questionable beginnings. Mr. Number has been a fixture in the Google Play Store for two years. It’s been downloaded more than 5 million times, ranked among the Top 200 most downloaded apps, and averaged 4.4 stars across more than 65,000 reviews. The company is not some rogue hacker group in sub-Saharan Africa or Eastern Europe either. It’s located in the heart of Silicon Valley, and its founders have numerous friends that work inside the Google-plex. Last year Mr. Number raised $3.6 million in venture financing from A-list VC Menlo Ventures.
Based on its popularity, Mr. Number clearly provided useful benefits. When users opt-in they share their contact lists including the numbers of evil phishers, robocallers, and telemarketers, automatically blocking any of these numbers they choose. Obviously, plenty of people would like to know which telemarketer, Nigerian con-artist, or harassing ex-boy-or-girlfriend is calling before they answer their cell phone. But in the process of enabling this functionality, the app crossed an imaginary line in connecting a caller’s name to their number without his permission, taking the decision of how to share this information out of the hands of the number’s owner.
What’s Mr. Number’s response to Google’s sudden embrace of privacy? CEO Jason Devitt tells me Google’s actions could fundamentally change the way developers view the platform. Google pretends that Android is democracy incarnate. In other words, it sells its platform as the anti-Apple, keeper of walled-gardens and deliverer of opaque developer restrictions and app approval processes. By pulling Mr. Number without warning or explanation, Google is breaking the very promise it made to developers when launching Android in 2008.
“Google is changing the rules halfway through the game,” Devitt says. “If you ask me, Apple’s policy of pre-approving apps is actually much more reasonable, because at least in that case developers know where they stand.”
Devitt claims the Mr. Number team never heard any indication of trouble from the Google Play Developer Team despite multiple interactions over the last two years. This all changed this summer when the app, and three others providing similar crowdsourced caller ID functionality, were pulled from the store in June without warning. As far as Google was concerned, the app was illegally “publishing” users’ private and confidential information by using community address book data it to identify unknown incoming callers across its network.
“Google has told us that you, our users, cannot share your contact lists for Caller ID even if you believe you have your contacts’ permission,” Devitt wrote in a blog post.
As Devitt sees it, his company’s app doesn’t violate any rules; in fact, it behaves like Facebook, Foursquare, Salesforce, and other wildly popular apps which upload users’ address book data. Each user that opts-into Mr. Number’s addressbook data sharing – 80 percent of its users do – first indicates to the company that he believes he has his contacts’ (implicit) permission to share their contact data in this manner. The company even takes the privacy-minded step of allowing the owner of any phone number, whether they are a user of its app or not, to change or permanently remove his data from the company’s databases.
Mr. Number put up the biggest fight of any of the four offending apps, arguing that its app was compliant and eventually convincing Google to re-list it in July. The victory was short-lived however as Google subsequently changed the language of its content policy to prohibit “unauthorized publishing or disclosure” of users’ private and confidential information. With the language changed, Mr. Number was again pulled at the beginning of September. The app is back in the app store now, but only in a severely neutered form. Its most popular feature, and the one for which it charged users to upgrade to a premium version, is no more.
Devitt points out that users can forward an email without the sender’s explicit permission or upload and tag a picture of another person to the Web without their consent. These things happen all the time, but aren’t are being targeted under Google Play’s current content policies – or anywhere else across the Web. What makes crowdsourced caller ID any different?
Whether you believe that Mr. Number violates user privacy or not, is only half of the story. What’s more at issue here is whether Google is acting consistently and transparently in the way it manages its Android platform and app marketplace.
I contacted a spokesperson for the Google Play Developer Team, who said, “We don’t comment on specific app takedowns, but if you’d like, I can point you to some pertinent information in our developer policies, on background.” He then sent me the following updated content policy:
Personal and Confidential Information: We don’t allow unauthorized publishing or disclosure of people’s private and confidential information, such as credit card numbers, Social Security numbers, driver’s and other license numbers, or any other information that is not publicly accessible.
When I pressed for an explanation of why the changes were enacted and why, in general, crowdsourced caller-ID functionality is seen as a violation of this policy, I received no further response.
Google’s past behavior would indicate that it’s not the company to pull an app without feeling it has a good reason. In all likelihood, it’s responding to pressure from regulatory bodies and consumer rights groups to reign in the way address book data is shared and utilized following this spring’s Path brouhaha.
Obviously Google is free to operate its app marketplace as it sees fit. The company can and will change its Terms of Service and Content Policies as necessary. Apple does. So does Facebook. Mr. Number may be the latest victim of Google’s here one day, gone the next privacy conscience, but it’s unlikely to be the last.
When I asked Devitt about his plans going forward, I brought up the possibility of litigation. His response was essentially, hell no! “We’re considering all options, except litigation!” he said. “We’re capitalists. That’s a commercial store. They can set any rules that they please, and we and everyone else have to abide by them.”
Unfortunately, it would appear that despite its boldness in publicly bashing Google, the current incarnation of Mr. Number is screwed. The company can’t turn to Apple’s iOS App Store because the platform doesn’t allow developers to access the dialer or caller ID features. There’s bound to be a Windows Phone 8 and Blackberry 10 developer evangelist or two in search of a few good men.
This situation certainly had the possibility to create a ripple of uncertainty among the Android developer community, but in all likelihood nothing much will come of it – the window is all but passed. When other more controversial changes were enacted to popular platforms, the responses were swift and loud. Twitter developers, for example, railed at the restrictive changes to company’s latest API. Even in this most extreme case, it’s been little more than a bump in the road for the micro-blogging platform.
In spite of the obvious hypocrisy, the notion that Google and Android are unassailably open and un-evil is one that died a long time ago. Anyone who is developing for the platform today and hopes to make a living doing so has largely accepted this and is coloring strictly within the lines.
[Image Credit: Shutterstock]