Google, citing trust and safety concerns, has issued updated policies for those distributing Android apps through the Play Store.

Chief among these is that some developers will have to provide more identification to comply with the expanded Play Console Requirements policy. Starting August 31, developers registering a new organization will have to supply a D-U-N-S number, a nine-digit identifier assigned by data brokers Dun & Bradstreet. This information will be used to inform the new "About the developer" section in Google Play - listings will show verified identity information like name, address, and contact details.

Existing developers who have registered as an organization rather than as an individual can expect compliance information from Google in October.

D-U-N-S numbers are not a guarantee that a business is trustworthy - failed crypto biz FTX has a listing - but the registration may help with risk management decisions, or at least with knowing where to send legal papers or the police.

Speaking of cryptocurrencies, Google is becoming more tolerant of blockchain-related apps. The upgraded content policy says developers of apps that use tokenized digital assets secured on a blockchain have to complete a Financial Features declaration - required for all apps integrating financial services - on the App Content page in the Play Console.

"As blockchain technology continues to evolve, maintaining user trust is paramount," said Joseph Mills, group product manager of Google Play, in a blog post. "As part of the policy update, we’re requiring that apps be transparent with users about tokenized digital assets."

For example, if an app or game sells or enables users to earn tokenized digital assets, developers must declare this clearly. And while those assets are meant to build more enriched, immersive experiences in ad speak, as an added user protection, developers may not promote or glamorize any potential earning from playing or trading activities."

Cryptomining on devices is still banned, though remote management of crypto mining is allowed. Additional regulations may apply to cryptocurrency exchanges and software wallets.

The Chocolate Factory has also revised its Device and Network Abuse policy to say that apps running On-device Android Containers - a way to simulate Android OS - need to respect the wishes of developers who decline to take part.

Developers can now set the REQUIRE_SECURE_ENV property in their app's manifest file to signal their refusal to be containerized. This policy, designed "to give developers more control over where their apps appear," will take effect January 1, 2024.

Additionally, apps targeting Android 14 and above will have to comply with rules covering foreground services - operations noticeable by the user. Developers will have to declare a valid foreground service format and permission for every such service used in an app.

There's also a new JobScheduler API and associated requirements that are intended to make user-initiated data transfers clearer. And there are various updated permission restrictions covering VPNs and the Exact Alarm API, among other changes.

Elsewhere, the Deceptive Behavior policy has been expanded to require that an app's functionality must be clear to users. So, after 11 years of Play Store operation, it's time to explicitly disallow hidden, undocumented, or dormant features. And attempting to evade app reviews is also forbidden.

Come December 7, Google Play developers, as announced in April, will also be required to allow app users to delete accounts they've created via the app and via the web. ®

https://www.theregister.com//2023/07/17/google_play_store_developers/