“Privacy concerns on various tech platforms pre-occupied pretty much of our 2018. There were breaches (even Google wasn’t spared as these were eventually the straw that broke the back of its failed social network), there were concerns (almost a normal thing on the Android platform) and there were the sweeping changes brought about by the passage of Europe’s data protection legislation, GDPR.
To address many of the challenges raised by users and privacy advocates around the world, Google announced, several new measures aimed at safeguarding user data.
Building on the app permissions it had introduced over 3 years earlier, in late 2018, Google announced the introduction of granular account permissions. This was a departure from the then practise of bundling related app permissions and presenting them to users for blanket approval without letting users choose which specific permissions they wanted to grant access to an app.
“We will show each permission that an app requests one at a time, within its own dialog, instead of presenting all permissions in a single dialog*. Users will have the ability to grant or deny permissions individually,” the company noted in a blog post in early October.
Alongside that announcement, Google also made it known that going forward, it would limit the kind of access developers had to user data with regards to call and SMS records noting that the access was either being abused or not being used as intended. “When users grant SMS, Contacts and Phone permissions to Android apps, they do so with certain use cases in mind.”
As such, developers whose apps require access to call logs and SMS have been required to fill out a form letting Google know of the same or go out and remove the need for such access, failure of which, as noted in the Android developer blog yesterday, they risk having their apps removed from the Google Play platform.
“Our new policy is designed to ensure that apps asking for these permissions need full and ongoing access to the sensitive data in order to accomplish the app’s primary use case, and that users will understand why this data would be required for the app to function.”
Already, there has been outcry over certain useful services that are heavily reliant on SMS access, being broken. Popular phone anti-theft app Cerberus has had one of its main features – the ability for users who have lost their phones to remotely send a predetermined keyword to their lost device and either lock it or wipe it as well as for them to receive SMS alerts when things like SIM swaps happen – disabled as a result [Twitter].