Eager to change the conversation from their years-long exposure of user data via Google+ to the bright, shining future the company is providing, Google has announced some changes to the way permissions are approved for Android apps. The new process will be slower, more deliberate, and hopefully secure.
The changes are part of “Project Strobe,” a “root-and-branch review of third-party developer access to Google account and Android device data and our philosophy around apps’ data access.” Essentially they decided it was time to update the complex and likely not entirely cohesive set of rules and practices around those third-party developers and API access.
One of those roots (or perhaps branches) was the bug discovered inside Google+, which theoretically (the company can’t tell if it was abused or not) exposed non-public profile data to apps that should have received only a user’s public profile. This, combined with the fact that Google+ never really justified its own existence in the first place, led to the service essentially being shut down. “The consumer version of Google+ currently has low usage and engagement,” Google admitted. “90 percent of Google+ user sessions are less than five seconds.”
But the team doing the review has plenty of other suggestions to improve the process of informed consent to sharing data with third parties.
The first change is the most user-facing. When an application wants to access your Google account data — say your Gmail, Calendar, and Drive contents for a third-party productivity app — you’ll have to approve each one of those separately. You’ll also have the opportunity to deny access to one or more of those requests, so if you never plan on using the Drive functionality, you can just nix it and the app will never get that permission.
These permissions can also be delayed and gated behind the actions that require them. For instance, if this theoretical app wanted to give you the opportunity to take a picture to add to an email, it wouldn’t have to ask up front when you download it. Instead, when you tap the option to attach a picture, it would ask permission to access the camera then and there. Google went into a little more detail on this in a post on its developer blog.
Notably there is only the option to “deny” or “allow,” but no “deny this time” or “allow this time,” which I find to be useful when you’re not totally on board with the permission in question. You can always revert the setting manually but it’s nice to have the option to say “okay, just this once, strange app.”
The changes will start rolling out this month, so don’t be surprised if things look a little different next time you download a game or update an app.
The second and third changes have to do with limiting what data from your Gmail and messaging can be accessed by apps, and what apps can be granted access in the first place.
Specifically, Google is restricting access to these sensitive data troves to apps “directly enhancing email functionality” for Gmail and your default calling and messaging apps for call logs and SMS data.
There are some edge cases where this might be annoying to power users; some have more than one messaging app that falls back to SMS or integrates SMS replies, and this might require those apps to take a new approach. And apps that want access to these things may have trouble convincing Google’s review authorities that they qualify.
Developers will also need to review and agree to a new set of rules governing what Gmail data can be used, how they can use it, and the measures they must have in place to protect it. For example, apps are not allowed to “transfer or sell the data for other purposes such as targeting ads, market research, email campaign tracking, and other unrelated purposes.” That probably puts a few business models out of the running.
Apps looking to handle Gmail data will also have to submit a report detailing “application penetration testing, external network penetration testing, account deletion verification, reviews of incident response plans, vulnerability disclosure programs, and information security policies.” No fly-by-night operations permitted, clearly.
There will also be additional scrutiny on what permissions developers ask for to make sure it matches up with what their app requires. If you ask for Contacts access but don’t actually use it for anything, you’ll be asked to remove that, since it only increases risk.
These various new requirements will go into effect next year, with application review (a multi-week process) starting on January 9; tardy developers will see their apps stop working at the end of March if they don’t comply.
The relatively short timeline here suggests that some apps may in fact shut down temporarily or permanently due to the rigors of the review process. Don’t be surprised if early next year you get an update saying service may be interrupted due to Google review policies or the like.
These changes are just the first handful issuing from the recommendations of Project Strobe; we can expect more to appear over the next few months, though perhaps not such striking ones. To say Gmail and Android apps are widely used is something of an understatement, so it’s understandable that they would be focused on first, but there are many other policies and services the company will no doubt find reason to improve.