Since Facebook's Cambridge Analytica data scandal, ensuring privacy and transparency has become a sensitive matter for most companies. In fact, some firms like Apple have even begun to publicly boast about their ecosystem's security and respect for user privacy.
To that end, Google has now announced that it will finally start removing apps from the Play Store which require access to a user's Call Log or SMS without permission from the company.
The change in policy was first announced in October 2018 in a bid to "protect users" and is now in effect. Developers which require access to Call Logs and SMS were requested to fill a permissions declaration form under which their apps would be reviewed to ensure that they really do require access to sensitive information after gaining permission from the user.
According to Google, the following criteria were considered in the review process:
- Likelihood that an average user would understand why this type of app needs full access to the data.
- User benefit of the feature.
- Importance of the permission relative to the core functionality of the app.
- Risks presented by all apps with this use case having access to this sensitive data.
- Availability of more narrow alternatives for enabling the feature.
In some cases, developers have been asked to resort to more restrictive APIs which will give them access only to the required information. In others, for example, where apps require sharing via SMS, developers are expected to populate the default SMS app using Intents.
Google has warned that over the next few weeks, it will be removing apps from Google Play which require access to SMS and Call Logs without permission from the company. Developers who already filled their form have until March 9, 2019 to get their requests approved. Meanwhile, developers who get their apps removed are requested to either remove the problematic permissions from their app's manifest file or to submit a permissions declaration form and get it approved before March 9.