Every purchase made on Google Play, the store on the Android platform, results in the email address, neighbourhood and name of the purchaser being sent to the developer of the purchased application.
The sharing of customers' details is not outlined in either the terms of service on Google Play or in the company's privacy statement, according to AppleInsider.
The discovery was originally made by Australian software developer Dan Nolan who posted about it in his blog.
Nolan is the creator of the Paul Keating insult generator application; he discovered the fact that details are leaked when he logged in to make some changes to his account after he had released a version of the app for the Android platform.
What happens if these details are stolen via a malware attack on some developers' machine? Will Google take responsibility? Or will it still claim to be a company that does no evil?