Google promises tighter and better privacy controls
Google announced plans yesterday to improve privacy for customers on Android, Gmail, and other services and apps that make use of Google account data.
The company published findings of an internal project called Strobe yesterday; it used the project to analyze how third-party developers interact with Google account and Android device data, and whether interactions affected user privacy.
Google made the decision to shut down Google+, the company's social networking service, and make a number of other changes to strengthen user privacy by limiting developers or changing existing workflows.
The company made a similar change to Chrome's permissions system for extensions earlier this month.
Changing permission requests
Some Android applications and services request extra permissions when they are installed or when a Google account is linked to the app. They may request access to the calendar, contacts, or access to files hosted on Google Drive.
At the moment, permission requests are displayed all at once, regardless of how many requests an application or service makes.
Users can allow or disallow access to these permissions, but they can't grant only some of them to an app or service. It is an all-or-nothing approach right now when it comes to granting permissions.
Going forward, Google plans to change permission requests by displaying individual requests to users during setup and giving users the option to grant or deny each request individually.
The screenshot above highlights the new process. It begins with the selection of the Google Account that you want to use for the sign-in just like it did previously. The process displays each permission prompt on its own screen giving users options to deny or allow it. Google displays a final screen on which it highlights requests and granted permissions.
Limiting apps' access to Gmail
New policies for Gmail APIs will go into effect on January 9, 2019 to enforce stronger controls and policies with regard to user data such as email content or contacts.
Google plans to limit which applications that use the Gmail API may access data on Gmail.
Only apps directly enhancing email functionality—such as email clients, email backup services and productivity services (e.g., CRM and mail merge services)—will be authorized to access this data.
Google lists the following permitted application types on the Google Developers site:
- Native and web email clients.
- Email backup applications.
- Productivity enhancing applications.
- Reporting or monitoring services and apps.
Apps that are still allowed to access data are subject to security assessments. Developers may check this article on the Google Cloud blog for detailed information.
Applications are only allowed to use the data for "user-facing features" and "may not transfer or sell the data for other purposes such as targeting ads, market research, email campaign tracking, and other unrelated purposes".
Limiting Android apps' access to SMS, Contacts, and Phone permissions
The final change affects applications that request permissions to access SMS, Contact data or Phone permissions on Android devices.
Only the application that is set as the default application for making calls or text messages will be allowed to access the data according to Google's plans.
There are some exceptions to this, e.g. backup applications or voicemail applications. In addition, the option to access contact interaction data will be removed from the Android Contacts API in the coming months.
Google restricting third-party application access to user data is a welcome step that has been long overdue. It remains to be seen how well the new permission request system works for users and application developers, and whether there will be an increase in user support requests.
Ultimately though, it is a good change that gives users more control over their data.
Now You: What is your take on the changes?