A developer today has revealed a potential privacy bug with Google Play. Sydney app developer, Dan Nolan discovered that when customers bought his app from the Google Play Store, their details were sent to his Google Play Developer account. As Nolan says on his blog, “If you bought the app on Google Play (even if you cancelled the order) I have your email address, your suburb, and in many instances your full name.”
It seems that the bug is linked to Google Wallet, the payment gateway that Google uses for processing payments to developers in Google Play. It seems that Google Wallet does not distinguish payments made for actual physical goods and virtual payments, and nowhere does it state during the app checkout process that your information is being sent to a third party. Dan stresses that this particular bug has a large chance of being abused by unscrupulous developers and spammers, and should be fixed by Google.
Source: Dan Nolan