- An upcoming policy change will make it much more difficult for Android apps to access your call logs and SMS data.
- In the future, only apps which you set as your default dialer or SMS client will be able to access your logs.
- This will prevent apps from having more access than necessary to your potentially sensitive information.
Google’s overall policy when it comes to Android apps is simple: applications shouldn’t ask for permissions which are unnecessary for the function of the app. If apps are found to violate this basic policy, it could result in restrictions or possibly even removal from the Google Play Store.
However, what if an app wants to do things related to making phone calls and sending text messages? Should that app have the ability to access your potentially sensitive call logs and SMS data simply through a normal permissions request notification?
Google thinks that is too open-ended, which is why it is specifying a new policy which will prevent applications from even asking for access to your call logs and/or SMS data unless you choose to make that app the default service for making phone calls or sending texts.
This will hopefully prevent apps you’ve downloaded but don’t use often from continuing to monitor your call logs and SMS data after you’ve installed them and given them permission to do so.
Granted, there are still ways rogue developers could abuse this policy, but it will at least make things a little more difficult.
As an example, a developer could create an SMS app. A user downloads the SMS app and a notification pops up which asks the user if they would like to set this new app as the default SMS service. The user says yes, the user grants permission for the app to view SMS data, and the deed is done.
However, right now a developer could create an app which uses SMS in some way but doesn’t need to be set as the default service. The app can ask for access to SMS data, the user can agree, and even though the user may never use that app again, it will continuously have access to their data.
In other words, this new policy isn’t 100 percent secure, but it’s certainly better than the current policy. And, either way, it’s the user’s responsibility to only grant permissions to trustworthy apps.
Google is giving developers a grace period of 90 days from today to fix their apps which might violate this new policy. After the 90 days are up, there could be disciplinary action for violations.
You can read more about the policy update here.