Starting in Nov. 2022, Google will prevent Android VPN apps hosted on its Play Store marketplace from blocking or interfering with ads. While the new policy looks to counter data-harvesting VPN services and ad manipulation fraud, it could also impact legitimate VPN apps.
First announced in late July of 2022, this new policy will take effect on Nov. 1 and applies to Android VPN service providers that use the VPN Service base class.
“Only apps that use the VPNService and have VPN as their core functionality can create a secure device-level tunnel to a remote server,” said Google in its announcement. However, there are exceptions allowed for apps that use remote servers “for core functionality,” like parental control apps, anti-virus solutions, firewalls, web browsers, remote access tools, carrier apps, and app usage trackers.
This means that these apps can also create secure device-level tunnels to a remote server but are not required to function as VPNs.
Google’s update seems targeted against VPN providers that collect sensitive personal data from users without seeking their consent or disclosing this activity beforehand.
Additionally, the policy takes aim at VPNs that impact app monetization by manipulating ads along with those that redirect or manipulate traffic for monetization purposes (like redirecting ad traffic through a different country than the user).
These changes by Google should increase user privacy by neutralizing intrusive Android apps that masquerade as legitimate VPNs in order to track and collect user data. However, some developers worry that this update policy may also negatively impact legitimate privacy apps on the tech company’s Play store.
Along with restricting VPN apps from manipulating ads or collecting user data, these changes will impact any apps that use the VPNService to apply local traffic filters on devices.
In its policy, Google also mentioned a series of requirements for apps that use the VPNService base class, which include:
- Documenting VPNService base class usage in the Google Play listing.
- Encrypting data from the Android device to the VPN tunnel exit node (the VPN server).
- Abiding “by all Developer Program Policies including the Ad Fraud, Permissions, and Malware policies.”