A few hours ago the company announced its “non-shocking” plans to shut down Google+ social media network following a “shocking” data breach incident.
Now to prevent abuse and potential leakage of sensitive data to third-party app developers, Google has made several significant changes giving users more control over what type of data they choose to share with each app.
The changes are part of Google’s Project Strobe—a “root-and-branch” review of third-party developers access to Google account and Android device data and of its idea around apps’ data access.
Restricted Call Log and SMS Permissions for Apps
Google announced some new changes to the way permissions are approved for Android apps to prevent abuse and potential leakage of sensitive call and text log data by third-party developers.
While the apps are only supposed to request permission those are required for functioning properly, any Android app can ask permission to access your phone and SMS data unnecessarily.
To prevent users against surveillance and commercial spyware apps, Google has finally included a new rule under its Google Play Developer Policy that now limits Call Log and SMS permission usage to your “default” phone or SMS apps only.
“Only an app that you’ve selected as your default app for making calls or text messages will be able to make these requests. (There are some exceptions—e.g., voicemail and backup apps.),” Google said.
Restricted Gmail API for Limited Apps
Since APIs can allow developers to access your susceptible data from your Gmail email account, Google has now finally decided to limit access to Gmail API only for apps that directly enhance email functionality—such as email clients, email backup services and productivity services.
New Privacy Interface for Third-Party App Permissions
When third-party app prompts users to access their Google account data, clicking “allow” approve all requested permissions at once, leaving an opportunity for malicious apps to trick users into giving away powerful permissions.
But now Google has updated its Account Permissions system that asks for each requested permission individually rather than all at once, giving users more control over what type of account data they choose to share with each app.
While the change went into effect today, the developers have been given 90 days (January 6th) update their apps and services. After that, the updated Developer Policy will get enforced on its own.
Besides these changes, in next few hours, at 11 AM ET, Google is going to announce some cool new gadgets and Pixel devices at its third annual “Made By Google” event in New York.
Stay tuned for more updates.
This post appeared first on The Hacker News