back to article Google to yoink apps with an unauthorized Call Log or SMS habit from Android Play Store

Paul Bankhead, director of product management at Google, has told programmers that apps in the Play Store that want access to SMS or Call Logs will start being removed unless the ad-slinger has OK'd the given developer's justification. Failure to submit the Permissions Declarations form means the app could well be removed from …

  1. The Dogs Meevonks

    99.9% of all apps

    99.9% of all apps do not need access to most data for any reason... but 99.9% of them request it anyway... Restricting sms/call access... doesn't go nearly far enough. Throw in location and other identifying data such as wifi/bluetooth ID's... all of that data should be restricted unless it's 1000% required for the app to function it's given task.

    1. Keef

      Re: 99.9% of all apps

      Do you have any sources to back up your 99.9% claim?

      Hey, don't bother looking, because your 1000% comment shows you don't understand percentages.

  2. ST Silver badge
    Devil

    No giggling?

    I am waaaaaaaaaaaaay past giggling.

  3. Nunyabiznes

    Backhander

    "unless the ad-slinger has OK'd the given developer's justification"

    ie. the check has cleared.

    1. druck
      Facepalm

      Re: Backhander

      check verb (EXAMINE) ​ A2 [ I or T ] to make certain that something or someone is correct, safe, or suitable by examining it.

      cheque noun [ C ] a printed form, used instead of money, to make payments from your bank account.

      1. tellytart

        Re: Backhander

        Check is correct if the OP is using American English. Cheque if you are British.

        1. druck

          Re: Backhander

          Sorry old chap, but we speak the Queen's English here.

          1. DiViDeD Silver badge

            Re: Backhander

            Absolutely! Well said that chap!

            Indeed, we invented the bloody language, so we decide how to spell the damn thing!

  4. DougS Silver badge

    Is it easier to start with a walled garden

    Then try to make a few chosen holes in it, to allow squirrels and your cat (using his special collar) to get in/out, or start with an open slat fence, and try to board up every spot you see a fox or rabbit sneaking in for a feast?

    It is good Google is doing this, but Google's openness means there are similar problems all over the place like say with location info or network information. Google will have to go back and deal with each and every one if they really want to improve things, instead of handling a few pieces of low hanging fruit that are leading to bad publicity. Every time they lock something down, some legitimate users who don't qualify under the new rules but had become used to the freedom that openness gave them will be shut out.

    Google will be forced to bring in more of the heavy handed review/approval process Apple has long required, since for all the "AI" hype we keep hearing about a human is and will remain for a long time yet the only way to determine the difference between a 'legitimate' need for access to the call log or SMS, and an app that's overreaching or intent on bad behavior. Even with humans you can't be 100%, as Apple's occasional mistakes in refusing or approving apps demonstrates.

    1. phuzz Silver badge

      Re: Is it easier to start with a walled garden

      I realise it's a metaphor, but a wall isn't going to stop a squirrel from trying to get into your garden. And probably not a cat either.

      (src)

      1. DougS Silver badge

        Re: Is it easier to start with a walled garden

        Well its a good thing we want to allow the squirrels and cats in then :)

      2. DiViDeD Silver badge

        Re: a wall isn't going to stop a squirrel from trying to get into your garden

        Actually, a wall isn't going to stop anything from *trying*.

        </pedant>

    2. Dan 55 Silver badge

      Re: Is it easier to start with a walled garden

      You know Google's heavy handed review process will be coming up with a really complicated regex to parse the reason developers give...

  5. JohnFen Silver badge

    Deflection

    Greater scrutiny of apps is a wonderful thing -- the app landscape is horrendous and I support anything that might make it better. But a part of me wonders if this isn't also an effort to deflect criticism of Google's own serious privacy-related problems and blame everything on app developers.

    I'd say that Google needs to get its own house in order at the same time, but at this point I think they can't. Their entire business model relies on them being a bad actor.

  6. Oengus Silver badge

    Not nearly far enough.

    This review doesn't go anywhere near far enough. What about contacts? What justification do 90% of apps have for requesting access to contacts? To me contacts are much more sensitive data. Why on earth does a Flashlight App need access to my contacts. Is it somehow going to send Morse code messages via the flashlight? Most of my Android devices can have access to phone logs or SMS as the devices aren't phones so don't support these features but they do support contacts for e-mail and other messaging.

    1. knelmes

      Re: Not nearly far enough.

      There's a very good reason for apps that don't need access to contacts to request it. It lets you know that you shouldn't be installing it.

  7. pleb

    Et tu, Google?

    So two apps which ask for these permissions but have operated with them denied on my phone for ages;

    Google Play Store

    Google Play Services

    Am I missing why they *need* the permissions, because everything seems to work fine without them enabled

  8. DropBear Silver badge

    This is nearly useless

    Sure, when a kitchen timer app wants every existing permission under the sun, that is something that can and should be fixed (or, you know, just don't install it). Unfortunately, the vast majority of apps DOES actually have a justifiable reason to ask for the exact same everything: the modern tendency is to integrate everything with everything else and yes guess what that requires being able to access everything your phone is capable of storing. Do I agree with that trend or want most of that integration - hell no, but it's not like anybody asks me. But the fact is that most of the (mostly likely legit) apps I've seen do _something_ user-facing with the data they ask access to, therefore can easily "justify" asking for it.

    The exceptions are there to prove the rule: for instance, the barcode scanner QR Droid has a separate version called QR Droid Private, with less functions but also less permissions to ask - on the other hand, the "less private" main version comes with extra features that can justify all it asks for, whether or not I want any of it. In this case at least I get to make some sort of choice - but that is literally the only app I've seen offering such a thing. Everybody else just goes "we want to make our app more convenient for you (that's non-negotiable) and guess what letting us offer you things from within the app _requires_ that you let us actually access those things".

    It's an unavoidable imperative even - all apps are looking for some added feature to differentiate them and as soon as one app is seen letting you pick a message or contact or picture to do something with, every single competing app needs to follow suit or get left behind. Developing an alternate, "private" version is simply beyond the effort most app writers are willing or able to expend - and the market validates them. Because as long as only grumpy luddites like us care - really care, to the point of actually refusing to use - about such things, everybody else will just go for the "more shiny", and "hey what's the harm after all"...

  9. Not also known as SC
    Angel

    Apologies if this sounds like trolling...

    ...but this must be one of my all time favourite quotes "Microsoft’s CEO declaring that Privacy is a Human Right,"

  10. Anonymous Coward
    Anonymous Coward

    With vendors like Apple trumpeting their privacy credentials

    Apple HQ and GCHQ look the same, just sayin.

  11. pleb

    For example: Glympse Express

    Glympse Express has just updated. Glympse lets you text a link to enable the recipient to track your location on a map, for a preset period. So up til now it has asked for Contacts and SMS permission, as well as location obviously. From the app you can click on one from a list of imported contacts and the app will send them a brief sms message together with a URL to track you.

    Now however, the update says:

    "Changes to how Glympse interacts with Android in order to comply with updated User Data and Permissions policies set forth by Google. When you send a Glympse, your default SMS app is opened and you must manually send the message as opposed to Glympse sending on your behalf."

    I have not updated, because I prefer the convenience of fewer click to send the link, and I trust the app.

  12. FranklyAmazed

    Simple Controllable Permissions Dependency Map (Giggle Google Privacy)

    Hi Folks,

    Even if we ignore the ability of the security services to backdoor our devices, who is it that really agrees with Google's, Apple's, or any other current "Permission Systems" ?

    Is it not obvious that as more people and governments take a stand about protecting their privacy Apple and Google are going to get really shafted by heavy data protection breaching fines and new legislation?

    Step by step, country by country, people are realizing that even innocuous apps are data mining information they have no worldly right to.

    More people are awakening to realize that "Glass Box" type systems on their devices are recording locations, touches, keystrokes, actions, audio, video, photos etc.

    It is not just the flashlight app fully spying on your data, it is simply the fact that we do not have any proper control!

    The user should simply be able to switch ANY permission on and off for every app, even the core system apps and factory bloatware, if doing so "breaks" the functionality then it is their device and their right and rite to do so. A simple controllable permissions dependency map will enable anyone to see the implications of their decisions and place their privacy back into their control.

    Personally I do NOT want ANYTHING to have CASUAL ACCESS to my CONTACTS, EMAILS, PHOTOGRAPHS, USAGE DATA, historical or current.

    I think ALL the manufacturers are going to hit a really big bump in the road when people understand just how much of their data is being sucked onto their servers, and how that data has been used, stored, and accessed.

    I believe this will create some real fun times ahead as we sit back and watch the exploded view of data Vs privacy in the near future!

    I look forward to reading your views and comments as time moves on-wards...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019