Slashdot Mirror
Google Play Starts Manually Whitelisting SMS, Phone Apps (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Google is implementing major new Play Store rules for how Android's "SMS" and "Call Log" permissions are used. New Play Store rules will only allow certain types of apps to request phone call logs and SMS permissions, and any apps that don't fit into Google's predetermined use cases will be removed from the Play Store. The policy was first announced in October, and the policy kicks in and the ban hammer starts falling on non-compliant apps this week.
Google says the decision to police these permissions was made to protect user privacy. SMS and phone permissions can give an app access to a user's contacts and everyone they've ever called, in addition to allowing the app to contact premium phone numbers that can charge money directly to the user's cellular bill. Despite the power of these permissions, a surprising number of apps ask for SMS or phone access because they have other, more benign use cases. So to clean up the Play Store, Google's current plan seems to be to (1) build more limited, replacement APIs for these benign use cases that don't offer access to so much user data and (2) kick everyone off the Play Store who is still using the wide-ranging SMS and phone permissions for these more limited use cases. Google provides a help page that helps explain the new rules and offer workarounds for some use cases.
Google says the decision to police these permissions was made to protect user privacy. SMS and phone permissions can give an app access to a user's contacts and everyone they've ever called, in addition to allowing the app to contact premium phone numbers that can charge money directly to the user's cellular bill. Despite the power of these permissions, a surprising number of apps ask for SMS or phone access because they have other, more benign use cases. So to clean up the Play Store, Google's current plan seems to be to (1) build more limited, replacement APIs for these benign use cases that don't offer access to so much user data and (2) kick everyone off the Play Store who is still using the wide-ranging SMS and phone permissions for these more limited use cases. Google provides a help page that helps explain the new rules and offer workarounds for some use cases.
There are sooo many Android apps that look nice - and free - at first, but then want to access every nook and cranny of your Android device, including the ability to look through your contacts directory and listen in/report on any phonecalls or other communications you perform with the device. My guess is that some of these apps are actually made by state-actors who want to eavesdrop on unsuspecting smartphone users all over the world.
My guess is just that the developer wants to make money from ads, and incorporated an ad SDK from a third party without thinking. And the ad broker who wrote that SDK obviously wants to scrape as much information as possible from the device so they can (1) target ads more precisely, (2) sell the data.
(I base this on having seen how universal it is to consume third-party SDKs without even thinking about how the SDK works...)