Last week, tech giant Google decided to shutter social network Google+ after disclosing a bug that may have exposed the data of 500,000 users to third-party developers. At the same time, in a bid to assure users their data was secure, it rolled out a set of policies restricting the kind of user data third-party app developers can access through the Play Store.
While the policies will put Google's Android users in greater control of their data, app developers will now have to operate a bit differently than in the past. Google’s new policies are part of what the Mountain View, California-based company dubs Project Strobe.
“It (Project Strobe) is a root-and-branch review of security following the Google+ issue,” Jack Kent, a senior analyst at London-based data firm IHS Markit, told TechCircle.
Kent said the move to provide “more granular, use-case-based app permissions” is something users have indicated they wanted.
“It also fits with the wider context of opt-in, permissioned and task-specific uses of personal data as governed by new General Data Protection Regulation (GDPR) in Europe,” he said.
What changes for third-party app developers?
Under Project Strobe, developers have to inform Google about the permissions their apps seek from users and for what purpose. The new policy also mandates that developers have to let Google know how they intend to use the data that is being collected.
Further, if any app is seen indulging in unauthorised data collection or using user data in any way other than specified, developers will face penalties and the app may be kicked off the app store.
In the past, developers were not required to submit any prior information about collecting data and app permissions, and the onus was solely on the user to choose what permissions to give an app.
Another big change in the Play Store policy is Google’s decision to segregate call logs and SMS data from contacts information.
“It appears Google’s contacts API (application programming interface) had previously provided some limited interaction data as well as the basic contact information. In separating the interaction (call log, SMS data, and more) from the contacts, Google is making it easier for users to approve or deny the specific use case for apps that want to access the data,” Kent explained.
The new policies, said Satyajit Sinha, a senior analyst at Gurugram-based Counterpoint Research, will enable the Play Store to curb malicious apps that transmit user information without consent. For example, earlier Google had to remove the Flashlight app from its Play Store because it would record telephone calls of users without their knowledge.
Business as usual for apps
Despite these policies, it is unlikely that app developers will face major hurdles. In other words, there will be minimal impact on how consumer internet apps such as Flipkart, Ola and Paytm do business.
“Apps will continue to work the way they do other than the fact that they will first file a rider with Google informing them about most of their decisions. There will be no changes to apps seeking permissions for certain features. Just like before, if you don’t give them certain permissions, a particular feature will not work,” Sinha explained.
Both Kent and Sinha believe that Google’s new policies are perhaps aimed more at complying with GDPR or holding an entity accountable in case of a data breach via one of the apps listed on the Play Store.
The GDPR came into effect on 25 May. It mandates that a user should have control over data and must have the right to be forgotten by an app or app-like service.
Another important norm says that any company dealing with any kind of data of European citizens should take steps to guarantee data protection or face a business ban in the region. At the same time, countries such as India are also working on their versions of the GDPR.
An executive at a fintech company said on the condition of anonymity that Google made the changes after being in touch with companies for six to seven months and that it has ensured the changes don’t affect the companies in any way.
A Paytm spokesperson said that the move by Google to restrict access to call logs and text messages has come in rather late. “This new update by Google will have no change or impact on our services that we offer across the country,” the spokesperson said.
A spokesperson for food delivery startup Zomato said, “We see this as a positive step in that direction. This does not impact us.”
Grocery delivery startup Grofers echoed the sentiment: “We don’t ask for unnecessary permissions anyways. There will be minor work to change how auto confirmation of OTPs (one-time passwords) occurs in third-party payment processors, but nothing noteworthy.”
Charlie Lee, chief executive at True Balance, an app that lets people check and recharge mobile balance, said: “It is imperative for us to understand user behaviour. If justified, and acceptable to the end-user, then Google could provide access for partners who are building businesses based on the open Android platform.”