Google Play Starts Manually Whitelisting SMS, Phone Apps

An anonymous reader quotes a report from Ars Technica: Google is implementing major new Play Store rules for how Android's "SMS" and "Call Log" permissions are used. New Play Store rules will only allow certain types of apps to request phone call logs and SMS permissions, and any apps that don't fit into Google's predetermined use cases will be removed from the Play Store. The policy was first announced in October, and the policy kicks in and the ban hammer starts falling on non-compliant apps this week.

Google says the decision to police these permissions was made to protect user privacy. SMS and phone permissions can give an app access to a user's contacts and everyone they've ever called, in addition to allowing the app to contact premium phone numbers that can charge money directly to the user's cellular bill. Despite the power of these permissions, a surprising number of apps ask for SMS or phone access because they have other, more benign use cases. So to clean up the Play Store, Google's current plan seems to be to (1) build more limited, replacement APIs for these benign use cases that don't offer access to so much user data and (2) kick everyone off the Play Store who is still using the wide-ranging SMS and phone permissions for these more limited use cases. Google provides a help page that helps explain the new rules and offer workarounds for some use cases.

Long Overdue Step

[dryriver]

There are sooo many Android apps that look nice - and free - at first, but then want to access every nook and cranny of your Android device, including the ability to look through your contacts directory and listen in/report on any phonecalls or other communications you perform with the device. My guess is that some of these apps are actually made by state-actors who want to eavesdrop on unsuspecting smartphone users all over the world - the information gleaned from users in other countries of these smartphone apps may be worth gold to these state-actors.

Re:Long Overdue Step

[ljw1004]

There are sooo many Android apps that look nice - and free - at first, but then want to access every nook and cranny of your Android device, including the ability to look through your contacts directory and listen in/report on any phonecalls or other communications you perform with the device. My guess is that some of these apps are actually made by state-actors who want to eavesdrop on unsuspecting smartphone users all over the world.

My guess is just that the developer wants to make money from ads, and incorporated an ad SDK from a third party without thinking. And the ad broker who wrote that SDK obviously wants to scrape as much information as possible from the device so they can (1) target ads more precisely, (2) sell the data.

(I base this on having seen how universal it is to consume third-party SDKs without even thinking about how the SDK works...)

How about Hangouts?

[sremick]

How about they give back SMS permissions to the Hangouts app, so that it can register as the default SMS app and those of us who use our Google Voice # as our primary SMS can have the seamless integration back? As it is now, I can't click on a phone # from a contact to launch sending a text... or any other app that shows phone numbers. Instead, I have to go into Hangouts first then initiate the text from there.

I know it's be really complicated for Google to work with the company that makes Hangouts, but I'm sure some sort of channel of communication could be opened so that proper interoperability could be restored like it used to.

Intentional tracking apps

[A.+Craig+West]

Google cracked down on Android Lost a little while ago, which I find rather annoying. I have my own phones lo-jacked in case they get stolen, but now the app gets disabled by default. I'm sure this will be even worse now...