Google raises privacy fears as personal details are released to app developers

Campaigner says tech giant's policies don't make it clear that Google Play users who buy apps give over information

Google could face a third privacy row in a two years, after a leading campaigner called for the US government to investigate the fact that the names, geographic region and email addresses of people who buy apps from its Play store are passed on to the app developers without users' explicit permission.

The company is also coming under pressure from developers who do not want it to send them that data, because they are concerned about its privacy implications.

Ben Edelman, an associate professor at Harvard Business School, says that analysis of Google's terms and conditions relating to its Google Play store and Google Wallet transaction system (used for buying apps) doesn't show any clauses where users are specifically told that their emails will be sent on to the developer.

He also warns that developers could use that information to "track and harass" people who have given apps low ratings or requested refunds. And hackers - or malicious developers - could create personalised emails to send out to people to steal passwords (phishing) or install "updates" that were actually malware.

Apple does not pass on any such information from its App Store when users buy or download apps - although Google's store has a different legal structure from its rival's. Users buy from Apple, for legal purposes; with Google, they are legally buying from the developer.

Google says it has to provide some location data about which country apps are bought in so developers can calculate the correct amount of tax to pay.

But that does not explain why it passes on buyers' names and email addresses, which together with a postcode could be used to identify a person's location and address.

"Google's prior privacy blunders have put [it] under higher scrutiny," Edelman says, pointing to the 20-year consent order with the US Federal Trade Commission that Google signed in March 2011 in the wake of its Buzz social network fiasco - followed by a record $22.5m fine in August 2012 for hacking Apple users' browsers to install tracking cookies. It has also been fiercely criticised in Europe for its changes in March 2012 to its privacy policies, which data protection chiefs said could mean "uncontrolled" use of personal data.

Eric Butler, a freelance software developer of the Tapchat and Farebot apps, tweeted in July 2012 "I wonder if most Android users realise that when you buy an app in the Play Store the seller [of the app] can see your name, email address and phone."

Following the row, he has noted on his blog that "Because the entire experience of purchasing Android apps is so sloppy, it's not unreasonable to assume that this privacy issue was actually an oversight." But, he says, "Google should follow Apple's lead and offer users and developers better privacy protection."

The release of the emails to developers was highlighted by Dan Moran, an Australian app developer, earlier in February - though Edelman points out that "at least three other developers had previously raised the same concern".

Another developer, Jesse Wilson, pointed out the same problem in November on Google+, and was quickly echoed by Chris Lacy, who said that "as a developer I never asked for this information, I have no need for it, and I simply do not want to be a custodian of such information."

Lacy added that "As a consumer, this is distressing on many levels: there is no fair warning that this information will be transferred ... trusting my personal information to Google is one thing. But with this system, users are unknowingly having to trust their information to a third party. There's no way to know what security measures that third party might have in place." He added that it meant that the app developer "has gained my personal information without requesting the appropriate permissions via the app."

Google has said that passing on the details does not breach its privacy conditions. In a quote to Siliconvalley.com, a representative told the site that "Google Wallet shares the information necessary to process a transaction, which is clearly spelled out in the Google Wallet privacy notice."

But Edelman disputes that. "First, it simply is not 'necessary' to provide developers with access to customer names or email addresses in order to process customer transactions ... To claim that it is 'necessary' to provide this information to developers, Google would need to establish that there is truly no alternative - a high bar, which Google has not even attempted to reach. Second, this data sharing is not 'spelled out in the Google Wallet privacy notice' and certainly is not 'clear' there."

He added that the idea that the developer is the "merchant of record" for the transaction is contradicted by the fact that the transaction is carried out with Google itself, through Google Wallet - and that repayments too come via Google. "If it has 'Google' as the company you do the transaction with, not the developer, then it seems logical that Google is the merchant of record," he told the Guardian.

BP Deepwater judge warns of 'lengthy trial' as proceedings begin

Company, government and private plaintiffs fail to reach a last-minute settlement over costly 2010 Gulf of Mexico disaster

BP went on trial over the 2010 Deepwater Horizon disaster on Monday, after the failure of efforts to reach a last-minute settlement.

US district judge Carl Barbier opened proceedings in New Orleans with a warning that it would be a "lengthy trial".

On Monday he was scheduled to hear several hours of opening statements by lawyers for the companies, federal and state governments and others who sued over the 2010 disaster that left 11 rig workers dead. Barbier was hearing the case without a jury.

The trial is designed to identify the causes of BP's well blowout and assign percentages of fault to the companies. That will help determine how much more each has to pay for their roles in the environmental catastrophe.
Months of negotiations have failed to produce a settlement that could have averted the trial.

BP has said it already has racked up more than $24bn in spill-related expenses and has estimated it will pay a total of $42bn to fully resolve its liability for the disaster that killed 11 workers and spewed millions of gallons of oil.

But the trial attorneys for the federal government and Gulf states and private plaintiffs hope to convince the judge that the company is liable for much more.

The trial is expected to be one of the biggest in decades. It will open with 400 minutes of opening arguments from 11 teams of lawyers. Thousands of pages of pages of exhibits have been filed, and 80 witnesses will be called. Tony Hayward, BP's former chief executive, will appear in a videotaped deposition.

Lawyers for the Justice Department are seeking to prove BP was "grossly negligent" - a loose legal term that means the company deliberately paid scant regard to normal safety procedures in the operation of the Deepwater rig.

Last year the US argued in a court filing that BP had a "culture of corporate recklessness" and had acted with "gross negligence or willful misconduct". The maximum civil penalty possible under the clean water act rises from $1,100 per barrel spilled through ordinary negligence to $4,300 per barrel if gross negligence is proved. BP's bill could be as low as $5bn or as high as $17.5bn, depending on how the court rules.

John Coffee, Adolf A Berle professor of law at Columbia law school, said settlement was still a strong possibility although the case was politically complex. "The bigger cases have a long history of settling on the courthouse steps," he said. "BP have a strong incentive not to go through months of trials where the level of their culpability if the prime issue."

Coffee said that for the states the trial is a "very political issue. Even the government will not want to have appeared to have sold out." That said, Coffee added any trial that centers on "gross negligence" will not be "pleasant experience" for BP. The oil firm then faces a second trial in September to establish the number of barrels of oil spilled that will be used to assess the size of fines.

Live tweets from Dominic Rushe at the trial

LG Buys WebOS from HP to Use on Smart TVs

WebOS gets another shot at life thanks to LG Electronics. LG is acquiring WebOS from Hewlett-Packard, with the intention to use the operating system not for its mobile phones, but in its smart televisions. With the deal, LG obtains the source code for WebOS, related documentation, engineering talent, and related WebOS Web sites. LG also gets HP licenses for use with its WebOS products, and patents HP obtained from Palm. The financial terms of the deal weren’t disclosed. The acquisition marks the end of a sad chapter of WebOS, an operating system that many saw promise in, but was badly mismanaged by HP. Initially hailed as the potential savior of Palm, it was seemingly bailed out by HP before it quickly pulled the plug on its mobile initiative last year. Its mobile products, including a revamped Pre and the infamous TouchPad tablet.

Read the full story at CNET.

MWC 13: MasterCard Shows Off MasterPass, A New PayPass Service

For MasterCard, the future of payments isn't an either-or situation for traditional plastic or digital methods. MasterCard MasterPass aims to streamline your entire shopping experience while bridging the gap between real world and digital payments. MasterPass is the next step in the company's PayPass Wallet services, which brought NFC checkout systems to more than 700,000 merchants. The digital service, announced today at the Mobile World Congress in Barcelona, lets consumers use NFC, QR codes, tags or mobile devices to make purchases. You can use a regular payment card or an enabled mobile device (or even your desktop PC), and MasterPass can be used online and in brick-and-mortar stores. MasterCard is essentially negating the need for you to whip out your credit card unless that's how you want to pay at that moment.

Read the full story at Wired.

Help Wanted: Editor-in-Chief

After some of the best years of my life, I'm leaving Gizmodo. I love this staff like family, but it's time for me to move on. We're going to need a new fearless leader. Job requirements:

• At least TK years experience in design and tech journalism.
• You work like TK [wild animal].
• You know what TK means.
• You are not a wuss.
• You are located in New York.
• A creative mind that will do amazing things with Kinja, our badass new publishing platform that lets you almost touch gadgets and discuss any aspect of an image.
• The best, most ferocious crew on The Internet doesn't chew you up and spit you out like unpopped corn.
• As always, no attachments. Contact Joel Johnson—if you dare.

A note to our readers: I love you. I'll be in the comments to talk it out.

Scientists Find Lost Continent In the Indian Ocean

Scientists have found proof of a sunken continent in the Indian Ocean. According to a study published in Nature Geoscience, the continent "was separated from Madagascar and fragmented into a ribbon-like configuration by a series of mid-ocean ridge jumps during the opening of the Mascarene ocean basin."

Its name is not Atlantis, though. According to the team's investigation, it existed between India and Madagascar before it was lost to the ocean "between 83.5 and 61 million years ago."

The researchers came to this conclusion after finding zircons "more than 1,971 million years old" on the beach of Mauritius:

The zircons were assimilated from ancient fragments of continental lithosphere beneath Mauritius, and were brought to the surface by plume-related lavas.

They used this information and plate tectonic reconstruction to map the continent, which was a slice of land that they called Mauritia. According to the scientists, Mauritius and the Mascarene Plateau "may overlie [this] Precambrian microcontinent," located 6.2 miles under the surface. [Nature Geoscience via BBC News]

Image by Shutterstock

How To Get Top Engineers To Open Your Email Then Join Your Company

Editor’s note: Adam Jackson is a San Francisco-based serial entrepreneur and angel investor. Follow him on Twitter at @adamjacksonsf.

No part of building a startup is tougher than recruiting your team. Current supply is not meeting the demand for qualified people. Even President Obama is aware of this. And while innovative approaches, such as Google's Summer of Code, to increase the number of experienced engineers will help in the long term, they aren't of much consolation to those of us in the entrepreneurial trenches who need engineers to help us build products.

Companies have to compete against every other venture-backed startup, as well as big companies like Google, Twitter and Square that are willing to throw big salaries and perks at top talent. In addition, strategies for recruiting top talent often represent a moving target, as the best strategy five years ago might not be optimal today. For example, in recent years the visibility of talented engineers has increased, with many of them posting detailed profiles on sites like GitHub and Stack Overflow. This increased visibility impacts recruiting strategy.

Even more challenging for our startup in particular is that we are trying to keep a low profile about what we do, so reaching out to engineers is harder at this stage. That said, over the last few months we’ve managed to recruit some incredible folks to join our team. It wasn’t always easy but after some trial and error, we developed a method that worked well for us.

The Job Board Route

I’ve always taken to heart Michael Arrington’s advice to hire the right people and watch every penny, and so it was important to me to focus on strategies that were both effective and offered good ROI. I started by posting to a number of job boards using JobScore.com (an excellent candidate tracking system that also syndicates your listing to dozens of job boards) and quantity wasn’t an issue as lots of resumes came rolling in. However, the quality of the candidates and fit for the roles I was looking to fill wasn’t there.

The next step for me was A/B testing subject headers. If the email never got opened, its contents didn’t matter at all.

One of our primary needs is mobile engineers with 3-5 years of native app experience. Simply put, there aren’t that many folks out there who have that background, and the odds that someone with that background happens to be surfing a job board and comes across our posting are pretty small. So while we didn’t have the success we were hoping for, we also weren't all that surprised.

Targeted Searching

I then began to search directly for potential candidates. There are a lot of ways to do this – Google, LinkedIn, etc. LinkedIn gave me visibility into possible fits, but unfortunately the InMails I sent didn’t get any response. It’s possible that this was due to my initial messaging, but it also could have been due to the fact that the types of people I wanted to reach typically receive a lot of InMails and often just ignore them altogether.

I ended up settling on a tool from a company called Entelo. Entelo gave me the ability to find candidates by showing me their relevant social profiles (e.g., their profile on GitHub), and it also provided, in many cases, contact information. Armed with that information, I was now able to begin to scale my outreach efforts.

Grabbing Their Attention

The next step for me was A/B testing subject headers. If the email never got opened, its contents didn’t matter at all. So I grouped my potential candidates into batches and tested various subject headers against each other. After a number of iterations I discovered that a subject header containing the name of one of our investors performed the highest in terms of response rate.

My final step then was to hone messaging. Unlike most recruiting pitch emails I’ve seen, I worked to focus as much as I could on the candidate instead of simply listing all the reasons why our company was awesome. The goal was to make the email feel personable and to open a dialogue. I wasn’t trying to sell them on anything but rather hoping for an initial conversation.

Within a matter of weeks I had a full pipeline of potential candidates and was in the enviable position of having to reject candidates that I would have previously considered “perfect 10s.” It was a ton of work, especially in the early days, but we now have a team that’s firing on all cylinders and is heads down on building some amazing, scalable software.

Recruiting is certainly daunting and tough at times but also incredibly rewarding. It had been a number of years since I’d built an early-stage team and consider myself lucky to have quickly found a method that worked well. Here’s hoping that some of what I learned will be helpful to you if you’re tasked with building a team of your own.