Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Android Google Security Software Technology

Google Play Starts Manually Whitelisting SMS, Phone Apps (arstechnica.com) 37

An anonymous reader quotes a report from Ars Technica: Google is implementing major new Play Store rules for how Android's "SMS" and "Call Log" permissions are used. New Play Store rules will only allow certain types of apps to request phone call logs and SMS permissions, and any apps that don't fit into Google's predetermined use cases will be removed from the Play Store. The policy was first announced in October, and the policy kicks in and the ban hammer starts falling on non-compliant apps this week.

Google says the decision to police these permissions was made to protect user privacy. SMS and phone permissions can give an app access to a user's contacts and everyone they've ever called, in addition to allowing the app to contact premium phone numbers that can charge money directly to the user's cellular bill. Despite the power of these permissions, a surprising number of apps ask for SMS or phone access because they have other, more benign use cases. So to clean up the Play Store, Google's current plan seems to be to (1) build more limited, replacement APIs for these benign use cases that don't offer access to so much user data and (2) kick everyone off the Play Store who is still using the wide-ranging SMS and phone permissions for these more limited use cases.
Google provides a help page that helps explain the new rules and offer workarounds for some use cases.
This discussion has been archived. No new comments can be posted.

Google Play Starts Manually Whitelisting SMS, Phone Apps

Comments Filter:
  • Google says the decision to police these permissions was made to protect user privacy.

    HAHAHAHAHA
    Like Google will ever do this. Their whole business model pretty requires a lack of this.

    • by Anonymous Coward

      You're right. It should read, "Google says the decision to police these permissions was made to protect user privacy from anyone but Google." Facebook actually sells/trades user data. Google's whole model is on hording user data precisely so companies have to constantly go through Google for everything. It's little wonder so few companies really complain about Facebook in comparison.

  • Have Google's apps previously been abusing these permissions?

    Can Google now circumvent this block?

    • by AHuxley ( 892839 )
      All about the ads and who gets to see what.

      1. Pay for an approved ad.
      2. Make an app thats collects on users like an ad?

      Option 1 brings in the cash.
      Option 2 is giving data sets away for free.
  • Long Overdue Step (Score:5, Informative)

    by dryriver ( 1010635 ) on Wednesday January 16, 2019 @05:50PM (#57974554)
    There are sooo many Android apps that look nice - and free - at first, but then want to access every nook and cranny of your Android device, including the ability to look through your contacts directory and listen in/report on any phonecalls or other communications you perform with the device. My guess is that some of these apps are actually made by state-actors who want to eavesdrop on unsuspecting smartphone users all over the world - the information gleaned from users in other countries of these smartphone apps may be worth gold to these state-actors.
    • by ljw1004 ( 764174 ) on Wednesday January 16, 2019 @07:26PM (#57974934)

      There are sooo many Android apps that look nice - and free - at first, but then want to access every nook and cranny of your Android device, including the ability to look through your contacts directory and listen in/report on any phonecalls or other communications you perform with the device. My guess is that some of these apps are actually made by state-actors who want to eavesdrop on unsuspecting smartphone users all over the world.

      My guess is just that the developer wants to make money from ads, and incorporated an ad SDK from a third party without thinking. And the ad broker who wrote that SDK obviously wants to scrape as much information as possible from the device so they can (1) target ads more precisely, (2) sell the data.

      (I base this on having seen how universal it is to consume third-party SDKs without even thinking about how the SDK works...)

    • Curiously though this blackout applies even to apps that clearly have reason to view the incoming or outgoing phone number (not the call log but the CallID), e.g., call recorders:

      https://nllapps.com/apps/acr/google-denies-phone-number-accesss.htm [nllapps.com]

    • In a previous job I wrote phone some discreet tracking software so that we could see where the company phones where. Eventually one of my bosses asked me to modify the app so that he could read his girlfriends sms messages without her knowing. I was surprised how easy it was to add this feature. This adjustment to Android security is about 7 or 8 years too late.
  • get more access to the users habits.
    Keeps the ad competition out from getting free data sets.
  • That this was ever any other way in the first place is a tragic indictment.

  • Is Google or anyone else keeping a tally of what apps have been whitelisted and those that failed?

  • by sremick ( 91371 ) on Wednesday January 16, 2019 @11:04PM (#57975558)

    How about they give back SMS permissions to the Hangouts app, so that it can register as the default SMS app and those of us who use our Google Voice # as our primary SMS can have the seamless integration back? As it is now, I can't click on a phone # from a contact to launch sending a text... or any other app that shows phone numbers. Instead, I have to go into Hangouts first then initiate the text from there.

    I know it's be really complicated for Google to work with the company that makes Hangouts, but I'm sure some sort of channel of communication could be opened so that proper interoperability could be restored like it used to.

  • Google cracked down on Android Lost a little while ago, which I find rather annoying. I have my own phones lo-jacked in case they get stolen, but now the app gets disabled by default. I'm sure this will be even worse now...

    • by dkman ( 863999 )

      Exactly. I saw a tweet from Cerberus (a "find my phone" app) that blocking them from SMS was going to make their job more difficult.

      I'm not sure if they got it worked out or found a way around it, but "Security Apps" was intentionally one of the things blocked from the whitelist. I don't see a reason why. I would think that whitelisting should be a no brainer for legitimate security apps.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...