It's not just getting a DUNS number. You also need to consent to having your home address (no PO box or virtual mailbox, needs to be a physical address for your "business") listed publicly on the DUNS website and on all your Google Play Store app pages.
Other app stores are similar, so probably it's some dumb government regulation.
I created a free, offline, opensource app on Google Play, no monetization or payments, as an individual. When this change rolled out I was required to verify my identity and set up a payment profile or else my app and account would be deleted.
After I went through half of the process, they showed a "here's what your users will see on the play store listing under 'About the developer' section!" This included my full legal name, personal email address, and country, which is enough information to find my home address and other information in public registries. This app serves an online community that can be quite crazy and I was absolutely not going to doxx myself to them. I decided I had enough of Google so I gave the app away to a company
- email address is just the one associated with the Google account, it sucks if you started the application on your personal google account, but you can still change it
- you need a payment profile to pay the account fee + verify your identity, the last part is probably very important for anti-spam
- I can understand that legal name + country can be considered doxxing, but I think it's highly relevant information for users
Of course these requirements could be relaxed for low-risk applications (i.e. no INTERNET permission), but I think it's understandable there is so few of them nowadays that it is not a priority.
In what way is knowing the full legal name of a developer relevant to end users? I work in the App Store analytics space and even I have never once thought “I wonder what the full legal name and address of the app developer is. I’d love to drive to their place physically or mail a letter 1800s style to discuss their app”
The most I’d ever wonder about is maybe their country of origin.
For the 1 in 10,000 case of someone actually legitimately suing someone, publicly showing this info to everyone will also create a 100% chance of being sent spam or phishing emails with your real name and country, 1 in 2 chance of some troll signing you up for something nasty, 1 in 50 chance of someone ordering pizza to your house that you have to pay for, 1 in 500 chance of an angry user demanding you add some feature or delete the app else he'll do something bad with your information, 1 in 1000 chance of being SWATted, etc...
If your app is something that's currently politically controversial (e.g. it's an app for trans people), multiply these probabilities by 10.
I didn't make these rules. Just pointing out why this stuff is flowing down hill from government regulations and the overreaction of the private companies who have in the business model no allowance for nuance or human intervention at scale. Make rules so tight that people who are neither paid nor empowered to make decisions can enforce it.
If people don't want to be accountable for their app in any way, maybe they just don't have to have their apps out there. There are other venues, app stores, sideloading, where apps can be put up by random people with no verifiable information and even less trustworthiness than some random app from play store.
F-Droid allows random people with no verifiable information to publish apps, and AFAIK there's never been a single case of malware or something malicious.
The same can't be said about Google Play where I can usually find malware at any time with specific search queries. These are apps that should have never been approved in the first place because they're blatantly impersonating another app.
The people who make this malware won't be accountable, because they don't register their own developer account and verify their own identity. They go around emailing the contact email of every small developer on Google Play, saying that they'll buy their developer profile or pay for them to upload an app. I got many such emails as it is.
Yeah, I wanted to add that it may be less of a problem when there's source code, but sideloading and third party app stores includes apps that don't have source code available, like random loose apks people just download and install, or just third party stores that aren't open source oriented (like game stores, phone maker stores, etc.) Checking source code is also not an option on play store itself, so they might want to have some other ways of verifying where something comes from and letting other people check something for themselves.
No it wouldn't be "fair" and it's not just if you want to monetize your app. D-U-N-S number is required for developer account creation regardless of whether you plan to monetize or not.
They didn't explicitly ask for a home address, just a physical address. But for a hobbyist dev, home address is probably all you have so effectively that's what they're asking for. Or for you to rent an office somewhere, which I guess is what they wanted you to do by asking for a commercially zoned adddress.
Other app stores are similar, so probably it's some dumb government regulation.