Google in November will prohibit Android VPN apps in its Play store from interfering with or blocking advertising, a change that may pose problems for some privacy applications.
The updated Google Play policy, announced last month, will take effect on November 1. It states that only apps using the Android VPNService base class, and that function primarily as VPNs, can open a secure device-level tunnel to a remote service.
Such VPNs, however, cannot “manipulate ads that can impact apps monetization.”
The rules appear to be intended to deter data-grabbing VPN services, such as Facebook’s discontinued Onavo, and to prevent ad fraud. The T&Cs spell out that developers must declare the use of VPNservice in their apps’ Google Play listing, must encrypt data from the device to the VPN endpoint, and must comply with Developer Program Policies, particularly those related to ad fraud, permissions, and malware.
Blokada, a Sweden-based maker of an ad-blocking VPN app, worries this rule will hinder at least the previous iteration of its software, v5, and other privacy-oriented software.
“Google claims to be cracking down on apps that are using the VPN service to track user data or rerouting user traffic to earn money through ads,” Reda Labdaoui, marketing and sales manager at Blokada, wrote last week in a a forum post.
“However, these policy changes also apply to apps that use the service to filter traffic locally on the device.”
Labdaoui suggests Blokada v6, which launched in June, should not be affected because it does filtering in the cloud without violating Google’s device policies. But other apps may not be so fortunate.
Labdaoui points to the DuckDuckGo Privacy Browser for Android, which creates a local VPN service to make its App Tracking Protection block tracker server connections, as a potential casualty of the new Play policy.
DuckDuckGo, however, isn’t convinced. “We don’t believe we’ll be impacted by the policy but our team is continuing to review it,” a spokesperson for the company told The Register in an email.
Another app that could be affected is Jumbo for Android, which also appears to utilize VPN-related code to block trackers.
Google’s policy is not unique. Apple’s iOS App Store includes a similar requirement to use a specific VPN API, named NEVPNManager, which is available only to developers who are part of an organization, not unaffiliated individual developers.
The iOS rules state, “You must make a clear declaration of what user data will be collected and how it will be used on an app screen prior to any user action to purchase or otherwise use the service. Apps offering VPN services may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy.”
While Apple’s VPN rules do not specifically address interfering with ads, it’s likely the iOS guidelines leave enough room for interpretation that Apple could ban an iOS app that interferes with the functioning of other apps, were it so inclined.
Google for years has disallowed Android apps that block ads in other Android apps (with the exception of browsers), and its Chrome Web Store includes language that could be used to ban ad blocking extensions if Google chose to do so. For example, “We don’t allow content that harms or interferes with the operation of the networks, servers, or other infrastructure of Google or any third-parties.”
However, Google has maintained that it wants to let developers “create safer and more performant ad blockers,” even as its pending Manifest v3 transition looks likely to make such extensions less capable.
Google did not respond to a request for comment. ®