Data Breach: Google limits third-party app access to users’ data

Spread the love

Google has announced a new Play Store policy meant to prevent intrusive Android apps from collecting call log and SMS information from users’ devices.

According to Google, only an app that has been selected as the phone’s default app for making calls or sending text messages will be able to access call logs and SMS data via the SMS and Call Log permissions.

The new policy entered into effect yesterday. Android app developers have 90 days to update their apps accordingly.

Google says that alternative APIs, such as the SMS Retriever API, the SMS Intent API, the Share Intent API, or the Dial Intent API can be used as replacements for some of the features powered by having direct access to the SMS and Call Log permissions.

The Android OS maker hopes that by restricting access to the SMS and Call Log permissions it will reduce the instances where a simplistic Android app tricks users into giving it access to these two permissions, access they use to harvest call records and SMS data, which they later upload to an online server for further analysis.

These types of malicious apps have been a plague on the Play Store for the past few years. They are usually disguised as flashlight apps, games, game guides, cheats, or other worthless tools, but which request access to a trove of permissions that they later use to harvest user data to sell to advertising companies.

In a blog post on the Android Developers Blog, Google said it would be rolling out additional controls across several products and platforms in the coming months to stop this kind of abusive behavior.

The new Play Store policy in regards to access to the Call Log and SMS permissions was announced as part of Project Strobe, a coordinated effort on Google’s part to secure user data.

During  Project Strobe announcement, Google also announced it was shutting down the Google+ social network after an API bug exposed the private details of over 500,000 users, and also announced new rules for third-party apps to access Gmail data after privacy concerns were raised in July that some third-party apps might be pilfering inbox data.

 

Credit: ZDNet

Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users’ Data


Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *