22 May 2019
Google has finally started tightening its security measures in a bid to improve privacy-related issues on Android. Given the nature of Android, it has been slightly easy for developers to get access to users data, however, it stands to change now as the company has decided to remove apps which request permission to access call logs and SMS text message, that haven’t been manually verified by the staff.
In its bid to make the Android ecosystem more secure, Google announced in October that Android Apps will no longer be allowed legacy permissions instead use newer, secure, and privacy-focused APIs. A lot of Android apps genuinely access call log and messages to verify two-factor codes or for other purposes.
“Our new policy is designed to ensure that apps asking for these permissions need full and ongoing access to the sensitive data in order to accomplish the app’s primary use case, and that users will understand why this data would be required for the app to function,” wrote Paul Bankhead, Google’s director of product management for Google Play.
Google is now asking app developers to fill this form if they want to retain such access. The company will then manually review apps and will ascertain why the app needs access to data along with user benefits and risks involved in allowing access to user data.
I tested over 15 fake GPS Navigation apps with over 50,000,000 installs from #GooglePlay that violate Google rules.— Lukas Stefanko (@LukasStefanko) January 17, 2019
These apps just open Google Maps or use their API without any additional value for user, except for displaying ads.
Some of them don't even have proper app icon. pic.twitter.com/eeIFQS5IVU
This comes in days after a researcher pointed out 19 fake GPS apps with over 50 million installs which run native Google Maps rather than providing any GPS related info and show advertisements. Which means that these developers had not created any functionality and yet were making money by showing advertisements through the app.
Google had earlier as well removed a lot of such fake apps and now as well has received a lot of requests from developers hoping to continue accessing user data, however, let us see how Google deals with non –compliant apps after the deadline i.e March 9th.