Google’s latest security measure seeks to rein in apps’ requests for data that is not critical to their functioning
Following the shutdown of its social media platform, Google+, after reports that user data was being compromised, Google has announced changes to the way apps can access end-users’ Gmail data, call logs and SMS. The changes are part of “Project Strobe”, a grassroots review of third-party developer access to Google accounts and Android-device data. Currently, apps coerce users into sharing data wholesale: the permissions dialogue box summarily seeks permission for access to, say, mail, contacts, SMS, gallery, etc., and, in most cases, denying permission for even one feature means the app may simply not work. Google’s new move should give users greater control over what data they share and end apps’ coercive permission-seeking. When an app wants access to your Gmail data, for example, it will allow you to grant or deny permission for each Gmail feature (inbox, outbox, sent, contacts, etc.) separately. In a blog post on October 8, Google said only Android applications that users select as their ‘default apps’ for making calls or texting will be able to request access to such data. Thus, not only will permissions come unbundled and transparent, but certain applications, based on their core functionality, will not be able to ask for access to data that is not considered integral to their functioning.
This is a particularly significant move, more so in an evolving data market like India’s. In any case, it is highly likely that most consumers, globally, are simply not aware of how their data is being used by apps and to what extent this violates their privacy. Most just sign up without reading in detail what they are agreeing to when they allow access to their data, thanks to the deliberately lengthy and tedious proforma for consent-seeking as well as ‘consent fatigue’. Against such a backdrop, any step that even marginally simplifies consent-seeking and approval for the end-user is a blessing. Google clarified that it may grant limited exceptions if an app transparently provides a critical feature for which there is no alternative to accessing certain data from the end-user. Apps, of course, would perhaps need to restructure themselves for Android users. For instance, instead of automatically reading a verification code from the SMS feature, an app may allow the user to key in the code after reading the SMS.