Closed zahidcataltas closed 1 year ago
dirkam
commented
2 years ago @zahidcataltas @vaibhavantil1
Even if they claim they don't share the data, should you as the developer say that you share the data? Google is a third-party from this point of view. Or, is it based on that Google is considered as a service provider in this, which is a special case for the data safety form?
vaibhavantil1
commented
2 years ago Hey 👋
First of all sharing data with SDKs is super confusing especially when SDKs collect data automatically. I have been getting these questions around both the Android projects.
We are enhancing my to detect data flows to SDKs automatically so that we do not have to rely on these docs. Also, eventually use the same scanner to build this database.
Finally - Yes, if Google is a service provider data sharing is not needed but data collection still needs to be checked. Problem is that service provider definition holds when you decide how data is processed however if google sdks are automatically collecting data where you have not control then that will be sharing too.
Hope this helps.
vaibhavantil1
commented
1 year ago Hi All, we launched an enhanced Play Store Data Safety Generator that can automatically detect data flows to these SDKs so we don't have to rely on documentation alone but actual code can guide the report.
You can try the tool here, it is in Public beta, works for JAVA and is Open Source: https://github.com/Privado-Inc/privado
Hello, thank you for your hard work. You must have researched, I'm not saying it's absolutely wrong. I just want to understand.
You said that for many google sdks we have to say "yes" to both data collection and data sharing. For example google maps sdk. But in google play, google maps app says in their description that it only collects data, no shared data.
https://play.google.com/store/apps/details?id=com.google.android.apps.maps&hl=tr&gl=US