Beginning this week, Google has announced some striking decisions that takes a leap towards user privacy. In addition to the shocking announcement of shutting down Google+, it has also announced some major changes for Android apps. According to new policies, Google restricts Android apps from unnecessarily accessing your personal data. This particularly includes permissions for accessing SMS, call logs, and Gmail.
Google Restricts Android Apps From Accessing Gmail Unnecessarily
Google’s Project Probe has come up with some unusual findings. On one hand, their audit observations compelled them to shut down Google Plus. On the other hand, we see some major changes regarding how Android apps handle user data. As announced in their official blog post, Google restricts Android apps from unnecessarily accessing your personal data. This includes asking permissions to access call logs, SMS, and Gmail.
With regards to accessing Gmail, Google observed that apps ask permissions to access Gmail having “certain use cases” behind. Hence, Google is limiting those use cases, whilst making them abide by Google’s policies for handling user data. As stated in the blog,
Only apps directly enhancing email functionality—such as email clients, email backup services and productivity services (e.g., CRM and mail merge services)—will be authorized to access this data. Moreover, these apps will need to agree to new rules on handling Gmail data and will be subject to security assessments.
Apps Restricted To Access Call Logs And SMS
Similar to the way it protects Gmail, Google has also restricted Android apps from accessing SMS and call logs. As described by Google’s VP Engineering, Ben Smith,
We are limiting apps’ ability to receive Call Log and SMS permissions on Android devices, and are no longer making contact interaction data available via the Android Contacts API.
However, the default messaging and call apps remain an exception to this policy. As stated by Google,
Only an app that you’ve selected as your default app for making calls or text messages will be able to make these requests. (There are some exceptions—e.g., voicemail and backup apps.)
Moreover, Google has also announced another change that will take place in the next few months.
Additionally, as part of the Android Contacts permission, we had provided basic interaction data… We will remove access to contact interaction data from the Android Contacts API within the next few months.
Google has already cleared several malicious apps from the Play Store over the past few months. The growing negative perception regarding Android’s user data security policies urged Google to take these decisions. Let’s see how the apps that we commonly use behave now since Google has limited them from explicit permissions.
Take your time to comment on this article.
Latest posts by Abeerah Hashim (see all)
- Logitech Options App Vulnerability Could Allow Keystroke Injection Attacks - December 16, 2018
- Researcher Found Samsung User Accounts Vulnerable To CSRF Attacks - December 16, 2018
- Seven WordPress Vulnerabilities Fixed In Version 5.0.1 - December 16, 2018