Google is implementing new rules for the Google Play Store on how the “SMS” and “Call Log” permissions are used by Android devices. The new rule now only allows certain apps the ability to request the device’s call logs and SMS permissions, and any apps will be removed from the Play Store altogether if the apps do not fit Googles accepted use cases.
First announced back in October, the new policy will kick in this week along with Google’s ban hammer on non-compliant apps.
According to the blogpost by Google:
“Only an app that has been selected as a user’s default app for making calls or text messages will be able to access call logs and SMS, respectively.”
Although there were some exceptions laid out by google, ultimately, this means that phone call logs and SMS permissions will now be heavily monitored and policed on the Google Play Store.
The company says that the decision to monitor phone logs and SMS permissions is to protect user privacy. As phone and SMS permissions can give apps access to the device’s call logs and contact lists, and this could allow malicious apps to contact premium numbers and charge money directly to the device owners phone bill. So according to an article on Ars Technicha:
“Google’s current plan seems to be to (1) build more limited, replacement APIs for these benign use cases that don’t offer access to so much user data and (2) kick everyone off the Play Store who is still using the wide-ranging SMS and phone permissions for these more limited use cases.”
Google has already setup a support page to cover the new rules for permissions, exceptions, invalid uses, and alternatives to common uses.
Manual Approval for SMS and phone log permissions
Google will be monitoring and policing of this new rule will involve a mix of human reviewers and automation. When mobile app developers upload an app to the Google Play Store via the Google Play Developer console, the app is already automatically checked for permissions that the app requests, and anything that would involve call and SMS permissions will be flagged for human approval.
Developers will then need to fill out a “Google Play Permissions Declaration Form” and detail why their app needs access for SMS or Call Log permissions, it will then go a human reviewer that will approve or deny the permission usage based on the application form.
The company using human reviewers is new, as normally they would rely on automation such as when Google used machine learning to battle spam reviews, but as malicious app developers are employing new and clever and tricks to avoid detection, it would be good to employ some human intervention from time to time.
Image Credits: Ars Technica