Google has imposed restrictions on third-party apps that ask for sensitive user data like access to SMS or Call Log and has made it mandatory for all apps, including default handlers, requesting access, to fill a declaration form to receive Google Play approval. The company says that the apps will only get access to Call Log or SMS permissions to enable their core functionality -- the main purpose of the app.
“Some Android apps ask for permission to access a user’s phone (including call logs) and SMS data. Going forward, Google Play will limit which apps are allowed to ask for these permissions. Only an app that you’ve selected as your default app for making calls or text messages will be able to make these requests,” Google said in its review of the third-party developer access to Google accounts and Android device data. In the blog, the company also announced that it will remove access to contact interaction data from the Android Contacts API within the next few months.
It is like the two sides of a coin. For consumers, it will be a boon because now they can feel safe while storing important information like passwords, PINs, etc, and digital currency. But for institutions like lending and financial services companies, that depend on such information to determine customers’ credit scores, as well as ecommerce companies that scrape this information to build customer profiles, this could be a bummer.
Google also listed some exceptions, which include Caller ID, spam detection, and blocking apps, connected device companion apps (for example, smartwatch, automotive), apps that are used for cross-device synchronisation or transfer of SMS or calls, apps for SMS-based financial transactions and related activity where access is restricted to financial SMS transactions (for example, 5-digit messages) and apps for doing proxy calls (for example, VoIP Calling).
“In the coming months, we’ll roll out additional controls and update policies across more of our APIs. As we do so, we’ll work with our developer partners to give them appropriate time to adjust and update their apps and services. Our goal is to support a wide range of useful apps, while ensuring that everyone is confident that their data is secure. By giving developers more explicit rules of the road, and helping users control your data, we can ensure that we keep doing just that,” Google added.