Google announced plans yesterday to improve privacy for customers on Android, Gmail, and other services and apps that make use of Google account data.
The company published findings of an internal project called Strobe yesterday; it used the project to analyze how third-party developers interact with Google account and Android device data, and whether interactions affected user privacy.
Google made the decision to shut down Google+, the company's social networking service, and make a number of other changes to strengthen user privacy by limiting developers or changing existing workflows.
The company made a similar change to Chrome's permissions system for extensions earlier this month.
Some Android applications and services request extra permissions when they are installed or when a Google account is linked to the app. They may request access to the calendar, contacts, or access to files hosted on Google Drive.
Permission requests are displayed all at once at the moment regardless of how many requests an application or service makes.
Users can allow or disallow access to these permissions, but they can't give apps or services access to some permissions only. It is an all or nothing approach right now when it comes to granting permissions.
Going forward, Google plans to change permission requests by displaying individual requests to users during setup and giving users to grant or deny requests individually.
The screenshot above highlights the new process. It begins with the selection of the Google Account that you want to use for the sign-in just like it did previously. The process displays each permission prompt on its own screen giving users options to deny or allow it. Google displays a final screen on which it highlights requests and granted permissions.
New policies for Gmail APIs will go into effect on January 9, 2019 to enforce stronger controls and policies in regards to user data such as email content or contacts.
Google plans to limit which applications, which use the Gmail API, may access data on Gmail.
Only apps directly enhancing email functionality—such as email clients, email backup services and productivity services (e.g., CRM and mail merge services)—will be authorized to access this data.
Google lists the following permitted application types on the Google Developers site:
Apps that are still allowed to access data are subject to security assessments. Developers may check this article on the Google Cloud blog for detailed information.
Applications are only allowed to use the data for "user-facing features" and "may not transfer or sell the data for other purposes such as targeting ads, market research, email campaign tracking, and other unrelated purposes".
The final change affects applications that request permissions to access SMS, Contact data or Phone permissions on Android devices.
Only the application that is set as the default application for making calls or text messages will be allowed to access the data according to Google's plans.
There are some exceptions to this, e.g. backup applications or voicemail applications. The option to access contact interaction data will be removed from the Android Contacts API in the coming months next to that.
Google restricting third-party application access to user data is a welcome step that has been long overdue. It remains to be seen how well the new permission request system works for users and application developers, and whether there will be an increase in user support requests.
Ultimately though, it is a good change that gives users more control over their data.
Now You: What is your take on the changes?Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.